CVE-2007-1701 — Vulnetix

CVE-2007-1701 PUBLISHED

Reported by mitre · Published March 27, 2007

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, *, n/a

Timeline

Mar 27, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Sep 8, 2023 EPSS Score
Dec 22, 2023 EPSS Score

References

23120 vdb-entryx_refsource_BID
oval:org.mitre.oval:def:11034 vdb-entrysignaturex_refsource_OVAL
ADV-2007-1991 vdb-entryx_refsource_VUPEN
SSRT071423 vendor-advisoryx_refsource_HP
php-sessiondecode-code-execution(33658) vdb-entryx_refsource_XF
GLSA-200705-19 vendor-advisoryx_refsource_GENTOO
HPSBTU02232 vendor-advisoryx_refsource_HP
ADV-2007-2374 vdb-entryx_refsource_VUPEN
25423 third-party-advisoryx_refsource_SECUNIA
25850 third-party-advisoryx_refsource_SECUNIA
25445 third-party-advisoryx_refsource_SECUNIA
x_refsource_MISC

Open in Interactive Console →