CVE-2007-1522

Name of the Vulnerable Software and Affected Versions PHP versions 5.2.0 through 5.2.1

Description A double free issue in the session extension allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier. This occurs when the internal session storage module rejects the identifier and calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted. This can be triggered by causing a memory limit violation or certain PHP errors.

Recommendations For PHP versions 5.2.0 through 5.2.1, update to a version that contains a fix for this issue to prevent arbitrary code execution.