← voltar
CVE-2007-5899

CVE-2007-5899

EPSS 3.4%
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://bugs.php.net/bug.php?id=42869http://osvdb.org/38918http://secunia.com/advisories/27659http://secunia.com/advisories/27864http://secunia.com/advisories/28249http://secunia.com/advisories/30040http://secunia.com/advisories/30828http://secunia.com/advisories/31119http://secunia.com/advisories/31124http://secunia.com/advisories/31200https://issues.rpath.com/browse/RPL-1943https://launchpad.net/bugs/173043