Yohgaki

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.38 **Description** The issue allows remote attackers to cause a denial of service or possibly have other unspecified impacts. This is due to vectors involving the smart str data type in the php url parse ex function. **Recommendations** For versions prior to 5.5.38, update to version 5.5.38 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.41 PHP versions 5.5.x prior to 5.5.25 PHP versions 5.6.x prior to 5.6.9 **Description** The issue is related to the pcntl exec implementation in PHP, which incorrectly handles pathnames containing a x00 character. This might allow remote attackers to bypass security restrictions and execute files with unexpected names by providing a crafted first argument. The problem arises from an incomplete fix for a previous issue. **Recommendations** For PHP versions prior to 5.4.41, update to version 5.4.41 or later. For PHP versions 5.5.x prior to 5.5.25, update to version 5.5.25 or later. For PHP versions 5.6.x prior to 5.6.9, update to version 5.6.9 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.2 **Description** The issue is related to a session fixation vulnerability in the Sessions subsystem, allowing remote attackers to hijack web sessions by specifying a session ID. This is also associated with errors in privilege management, which can be exploited by a remote attacker to capture a user's session. **Recommendations** For versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue. As a temporary workaround, consider implementing additional session validation and regeneration mechanisms to minimize the risk of session hijacking. Restrict access to sensitive session data to prevent exploitation.