QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1130

Published: Mar 26, 2010

Modified: Sep 16, 2024

PUBLISHED

Description

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

http://www.php.net/releases/5_2_13.php

x_refsource_CONFIRM

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=293036&r2=294272

x_refsource_CONFIRM

http://www.php.net/ChangeLog-5.php

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?view=log

x_refsource_CONFIRM

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?view=log

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

20100211 PHP 5.2.12/5.3.1 session.save_path safe_mode and open_basedir bypass

third-party-advisory

x_refsource_SREASONRES

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.