PT-2010-2846 · Php · Php

Grzegorz Stachowiak

Published

2010-03-26

Updated

2018-10-30

CVE-2010-1130

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.13 PHP versions prior to 5.3.1

Description The issue allows context-dependent attackers to bypass open basedir and safe mode restrictions. This is achieved by providing an argument to the session save path function that contains multiple ; characters in conjunction with a .. (dot dot), which is not properly interpreted by the session.c in the session extension.

Recommendations For PHP versions prior to 5.2.13, update to version 5.2.13 or later to resolve the issue. For PHP versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-1130

Affected Products

Php

PT-2010-2846 · Php · Php

CVE-2010-1130

Weakness Enumeration

Related Identifiers

Affected Products

References · 14