Vulnerabilities

CVE-2006-4432

by Fred · 28/08/2006

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.

Date published : 2006-08-28

http://www.securityfocus.com/archive/1/444263/100/0/threaded

http://www.hardened-php.net/advisory_052006.128.html

Similar

Tags: Cybersecurity Alert