PT-2007-4952 · Ellislab · Codeigniter

Lukasz Pilorz

Published

2007-07-11

Updated

2018-10-15

CVE-2007-3706

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions CodeIgniter version 1.5.3

Description The issue in CodeIgniter allows remote attackers to unset arbitrary global variables. This is demonstrated by a SERVER cookie, which can have an unspecified impact.

Recommendations For CodeIgniter version 1.5.3, update to a version released after 20070628 to resolve the issue. As a temporary workaround, consider restricting access to the sanitize globals function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3706

Affected Products

Codeigniter

PT-2007-4952 · Ellislab · Codeigniter

CVE-2007-3706

Related Identifiers

Affected Products

References · 7