CVE-2007-1835
published 2007-04-03CVE-2007-1835: PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions…
PriorityP416medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.69%
48.1th percentile
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
Affected
51 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9x38-6qv2-vw32: PHP 4 before 4
ghsa_unreviewed·2022-05-01
CVE-2007-1835 [MEDIUM] GHSA-9x38-6qv2-vw32: PHP 4 before 4
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
Red Hat
CVE-2007-1835: PHP 4 before 4
vendor_redhat·CVSS 4.6
CVE-2007-1835 [MEDIUM] CVE-2007-1835: PHP 4 before 4
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
Statement: The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
No detection rules found.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137http://secunia.com/advisories/25423http://secunia.com/advisories/25850http://www.php-security.org/MOPB/MOPB-36-2007.htmlhttp://www.securityfocus.com/bid/23183http://www.vupen.com/english/advisories/2007/1991http://www.vupen.com/english/advisories/2007/2374https://exchange.xforce.ibmcloud.com/vulnerabilities/33550http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137http://secunia.com/advisories/25423http://secunia.com/advisories/25850http://www.php-security.org/MOPB/MOPB-36-2007.htmlhttp://www.securityfocus.com/bid/23183http://www.vupen.com/english/advisories/2007/1991http://www.vupen.com/english/advisories/2007/2374https://exchange.xforce.ibmcloud.com/vulnerabilities/33550
2007-04-03
Published