cbcvebase.
CVE-2007-4652
published 2007-09-04

CVE-2007-4652: The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

PriorityP414medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EXPLOIT
EPSS
0.61%
44.6th percentile
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

Affected

77 ranges· showing 25
VendorProductVersion rangeFixed in
phpphp<= 5.2.3
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp

CVSS provenance

nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat4.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.