CVE-2007-4652

PHP <5.2.4 - Auth Bypass

Title source: llm

Description

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Maksymilian Arciemowicz · phplocalphp

https://www.exploit-db.com/exploits/10557

View Code ZIP pw:eip

References (13)

[Patch, Vendor Advisory] http://secunia.com/advisories/26642

[Vendor Advisory] http://secunia.com/advisories/26822

[Vendor Advisory] http://secunia.com/advisories/26838

[Vendor Advisory] http://secunia.com/advisories/27102

[Vendor Advisory] http://secunia.com/advisories/27377

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

[Vendor Advisory] http://www.php.net/ChangeLog-5.php#5.2.4

[Vendor Advisory] http://www.trustix.org/errata/2007/0026/

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/3023

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36387

[Issue Tracking] https://issues.rpath.com/browse/RPL-1693

[Issue Tracking] https://issues.rpath.com/browse/RPL-1702

[Release Notes] http://www.php.net/releases/5_2_4.php

Scores

EPSS 0.0021

EPSS Percentile 43.3%

Details

CWE

CWE-59

Status published

Products (46)

php/php 1.0

php/php 2.0

php/php 2.0b10

php/php 3.0

php/php 3.0.1

php/php 3.0.2

php/php 3.0.3

php/php 3.0.4

php/php 3.0.5

php/php 3.0.6

... and 36 more

Published Sep 04, 2007

Tracked Since Feb 18, 2026