CVE-2007-1522 in PHPinfo

Summary

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

03/20/2007

Disclosure

03/20/2007

Moderation

VulDB entry created

Entries

VDB-35695 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.08006

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-1522
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1522
CVE Details	https://www.cvedetails.com/cve/CVE-2007-1522/

◂ Previous Overview Next ▸