Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP session.save_path()函数绕过safe_mode及open_basedir安全限制漏洞
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP在处理会话信息的功能函数实现上存在漏洞,远程攻击者可能利用此漏洞读取敏感信息或向非授权位置写入文件。 可以在PHP的ini_set()中定义用于保存会话路径的session_save_path()函数。在session.save_path中必须要存在用于保存tmp文件的路径,但session.save_path的句法可能为: [/PATH] 或 [N;/PATH] N - 可以是一个串 例如: 1. session_sa
CVSS Information
N/A
Vulnerability Type
N/A