PT-2007-6835 · Php+1

Published 2007-11-20 · Updated 2018-10-15 · CVE-2007-5899

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.2.5

Description

The issue allows remote attackers to obtain potentially sensitive information by reading the requests sent to a non-local URL. It arises when local forms whose ACTION attribute references a non-local URL are rewritten, as demonstrated by a rewritten form containing a local session ID. The output_add_rewrite_var function is involved in this issue.

Recommendations

For PHP versions prior to 5.2.5, update to version 5.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and session IDs in local forms to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2007-5899
DSA-1444-1
HPSBUX02332
RHSA-2008:0505
RHSA-2008:0544
RHSA-2008:0545
RHSA-2008:0546
RHSA-2008:0582
RHSA-2008_0544
RHSA-2008_0545

Affected Products

Php
Red Hat