CVE-2007-1700
PHP 4 <4.4.5, PHP 5 <5.2.1 - Code Injection
Title source: llmDescription
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Esser · phplocallinux
https://www.exploit-db.com/exploits/3571
References (17)
Scores
EPSS
0.0435
EPSS Percentile
89.0%
Details
Status
published
Products (35)
php/php
4.0 (8 CPE variants)
php/php
4.0.0
php/php
4.0.1 (3 CPE variants)
php/php
4.0.2
php/php
4.0.3 (2 CPE variants)
php/php
4.0.4 (2 CPE variants)
php/php
4.0.5
php/php
4.0.6
php/php
4.0.7 (4 CPE variants)
php/php
4.1.0
... and 25 more
Published
Mar 27, 2007
Tracked Since
Feb 18, 2026