Vulnerability Description
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 5.2.12 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/38708Vendor Advisory
- http://securityreason.com/achievement_securityalert/82
- http://securityreason.com/securityalert/7008Exploit
- http://securitytracker.com/id?1023661
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?vie
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?vie
- http://www.php.net/ChangeLog-5.php
- http://www.php.net/releases/5_2_13.phpPatch
- http://www.vupen.com/english/advisories/2010/0479Vendor Advisory
- http://secunia.com/advisories/38708Vendor Advisory
- http://securityreason.com/achievement_securityalert/82
- http://securityreason.com/securityalert/7008Exploit
- http://securitytracker.com/id?1023661
FAQ
What is CVE-2010-1130?
CVE-2010-1130 is a vulnerability with a CVSS score of 5.0 (MEDIUM). session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-depende...
How severe is CVE-2010-1130?
CVE-2010-1130 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1130?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.