CVE-2007-1701
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/3572 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
http://secunia.com/advisories/25423
http://secunia.com/advisories/25445
http://secunia.com/advisories/25850
http://security.gentoo.org/glsa/glsa-200705-19.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/33658
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11034
http://www.php-security.org/MOPB/MOPB-31-2007.html
http://www.securityfocus.com/bid/23120
http://www.vupen.com/english/advisories/2007/1991
http://www.vupen.com/english/advisories/2007/2374