CVE-2007-1522

Published: Mar 20, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

ADV-2007-0960 (vdb-entry, x_refsource_VUPEN)
25056 (third-party-advisory, x_refsource_SECUNIA)
24505 (third-party-advisory, x_refsource_SECUNIA)
22971 (vdb-entry, x_refsource_BID)
SUSE-SA:2007:032 (vendor-advisory, x_refsource_SUSE)
