Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP session extension 'session.c' permissions and access control vulnerability
Vulnerability Description
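PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. The source file session.c of PHP's session extension does not properly interpret the ";" (semicolon) character in the session_save_path function. When a user is tricked into opening a file with an argument that contains multiple ";" (semicolon) characters combined with ".." characters, this vulnerability can be used to bypass the open_basedir and safe_mode restrictions.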
CVSS Information
N/A
Vulnerability Type
N/A