← back
CVE-2006-6383

CVE-2006-6383

EPSS 1.0%
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/29239unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.7&r2=1.336.2.53.2.8http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.htmlhttp://secunia.com/advisories/24022http://secunia.com/advisories/24514http://securityreason.com/achievement_securityalert/43http://securityreason.com/securityalert/2000http://www.mandriva.com/security/advisories?name=MDKSA-2007:038http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.htmlhttp://www.securityfocus.com/archive/1/453938/30/9270/threadedhttp://www.securityfocus.com/bid/21508