Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP EXT/Session HTTP响应页眉注入漏洞
Vulnerability Description
PHP 4.x版本至4.4.7版本和5.x版本至5.2.3版本的ext/session的session_start函数允许远程攻击者可以借助一个cookie中的特殊字符,且该cookie从(1)PATH_INFO,(2)session_id函数,和(3)session_start函数中获得,向会话cookie中注入任意字符。这些字符在新会话cookie产生的时候没有被编码或被过滤。
CVSS Information
N/A
Vulnerability Type
N/A