CVE-2006-0636

by Fred · 10/02/2006

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.

Date published : 2006-02-10

http://www.securityfocus.com/bid/16537

http://www.securityfocus.com/archive/1/424329/100/0/threaded

CVE-2006-0636

Similar

Recent Posts

Categories

CVE-2006-0636

Share this:

Similar

Recent Posts

Categories

Tags