PT-2016-3373 · Php+2 · Php+2

Taoguangchen

Publicado

2016-09-11

Atualizado

2018-01-05

CVE-2016-7125

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10

Description The issue exists due to the failure to neutralize special elements in the ext/session/session.c component of the PHP interpreter. This allows a remote attacker to modify user session data by injecting arbitrary-type session data, potentially demonstrated through object injection, by leveraging control of a session name.

Recommendations For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

Exploit

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

BDU:2022-02403

CVE-2016-7125

DLA-628-1

DSA-3689-1

OPENSUSE-SU-2016_2337-1

OPENSUSE-SU-2016_2451-1

RHSA-2016:2750

SUSE-SU-2016:2328-1

SUSE-SU-2016:2408-1

SUSE-SU-2016:2459-1

SUSE-SU-2016:2460-1

SUSE-SU-2016:2460-2

USN-3095-1

Produtos afetados

Php

Suse

Ubuntu

PT-2016-3373 · Php+2 · Php+2

CVE-2016-7125

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 115