CVE-2007-1701 (php)
-
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1701
© Lightnetics 2024