Your submission was sent successfully! Close

CVE-2007-1700

Published: 27 March 2007

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.

Priority

Unknown

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream
Released (5.2.1)