Security Advisory

CVE-2007-1701

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-03-27 01:00:00

Last updated 2024-08-07 13:06:26

Assigner mitre

State PUBLISHED

Description

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".

← Browse all CVEs View on cve.org ↗