Security Advisory

CVE-2007-6470

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-12-20 00:00:00

Last updated 2024-09-16 19:15:09

Assigner mitre

State PUBLISHED

Description

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.

← Browse all CVEs View on cve.org ↗