CVE-2002-0121

Name of the Vulnerable Software and Affected Versions PHP versions 4.0 through 4.1.1

Description The issue allows local users to hijack web connections by exploiting how session IDs are stored in temporary files. The temporary files' names contain the session ID, which enables this exploitation.

Recommendations For PHP versions 4.0 through 4.1.1, consider updating to a version where this issue is resolved, as storing session IDs in temporary files whose name contains the session ID poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.