FKIE_CVE-2007-4652

Vulnerability from fkie_nvd - Published: 2007-09-04 19:17 - Updated: 2026-04-23 00:35
Severity ?
Summary
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
References
cve@mitre.orghttp://secunia.com/advisories/26642Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/26822Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/26838Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27102Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27377Vendor Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
cve@mitre.orghttp://www.php.net/ChangeLog-5.php#5.2.4
cve@mitre.orghttp://www.php.net/releases/5_2_4.php
cve@mitre.orghttp://www.trustix.org/errata/2007/0026/
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3023Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/36387
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1693
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1702
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26642Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26822Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26838Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27102Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27377Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/ChangeLog-5.php#5.2.4
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/releases/5_2_4.php
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2007/0026/
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3023Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36387
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1693
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1702
Impacted products
Vendor Product Version
php php *
php php 1.0
php php 2.0
php php 2.0b10
php php 3.0
php php 3.0.1
php php 3.0.2
php php 3.0.3
php php 3.0.4
php php 3.0.5
php php 3.0.6
php php 3.0.7
php php 3.0.8
php php 3.0.9
php php 3.0.10
php php 3.0.11
php php 3.0.12
php php 3.0.13
php php 3.0.14
php php 3.0.15
php php 3.0.16
php php 3.0.17
php php 3.0.18
php php 4.0
php php 4.0
php php 4.0
php php 4.0
php php 4.0
php php 4.0.0
php php 4.0.1
php php 4.0.2
php php 4.0.3
php php 4.0.4
php php 4.0.5
php php 4.0.6
php php 4.0.7
php php 4.1.0
php php 4.1.1
php php 4.1.2
php php 4.2.0
php php 4.2.1
php php 4.2.2
php php 4.2.3
php php 4.3.0
php php 4.3.1
php php 4.3.2
php php 4.3.3
php php 4.3.4
php php 4.3.5
php php 4.3.6
php php 4.3.7
php php 4.3.8
php php 4.3.9
php php 4.3.10
php php 4.3.11
php php 4.4.0
php php 4.4.1
php php 4.4.2
php php 4.4.3
php php 4.4.4
php php 4.4.5
php php 4.4.6
php php 4.4.7
php php 4.4.8
php php 4.4.9
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.1
php php 5.0.2
php php 5.0.3
php php 5.0.4
php php 5.0.5
php php 5.1.0
php php 5.1.1
php php 5.1.2
php php 5.1.3
php php 5.1.4
php php 5.1.5
php php 5.1.6
php php 5.2.0
php php 5.2.1
php php 5.2.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CDA10FE-C930-4399-A0AE-1C9A6D547FB9",
              "versionEndIncluding": "5.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92647629-083F-4042-8365-4AD2EBC9C1BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF72E8D5-9F8C-4BD4-9AA4-28E23CB48A47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*",
              "matchCriteriaId": "83BE1120-6370-4470-8586-6581EDF3FD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "245C601D-0FE7-47E3-8304-6FF45E9567D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "691BB8BB-329A-4640-B758-7590C99B5E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2BC4CCE-2774-463E-82EA-36CD442D3A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C478024C-2FCD-463F-A75E-E04660AA9DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC9C32F4-5102-4E9B-9F32-B24B65A5ED2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5BD99C0-E875-496E-BE5E-A8DCBD414B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1851ADE5-C70C-46E0-941A-6ADF7DB5C126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DA3BA2-AF53-4C9D-93FA-0317841595B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0CFEE5-2274-4BBC-A24A-3A0D13F607FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B59D6A-7EDA-4C34-81D6-C2557C85D164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEBA40B6-8FDF-41AA-8166-F491FF7F3118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74E2B72-A428-4BB3-B6F8-0AF5E487A807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2F1D82-8E6A-4FBF-9055-A0F395DC17FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "945FF149-3446-4905-BCA1-C397E3497B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E446DBD-FEFA-4D22-9C9D-51F61C01E414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8DE728-78E1-4F9F-BC56-CD9B10E61287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E31CC6-9356-4BB7-9F49-320AAF341E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB8AD3A-9181-459A-9AF2-B3FC6BAF6FEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3E7199-8FB7-4930-9C0A-A36A698940B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "AEEF2298-98E8-409F-9205-84817CEF947B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6AFC00BA-D64D-4407-AC69-FDD9FF013943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D80F2A8B-B57F-4970-867A-55E8187C1502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "EF4E0EFE-4FF6-4E8F-8EC5-68B059FC0C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "49965B80-DC27-4864-BDF0-CBBFF16BFD80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF57C14-86B6-419A-BAFF-93D01CB1E081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B7BA75-2A32-4A8E-ADF8-BCB4FC48CB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEA491B-77FD-4760-8F6F-3EBC6BD810D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB25CFBB-347C-479E-8853-F49DD6CBD7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D2937B3-D034-400E-84F5-33833CE3764D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "71AEE8B4-FCF8-483B-8D4C-2E80A02E925E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2AF1D9-33B6-4B2C-9269-426B6B720164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B70263-37AA-4539-A286-12038A3792C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E46E4B4-808C-4B47-81D9-EC2B02A5E57B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF30D7F-353B-4496-9A89-4EF2BB279E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD97DF34-35AB-4979-96E2-B23DC8556A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n de sesi\u00f3n en PHP versiones anteriores a 5.2.4, podr\u00eda permitir a usuarios locales omitir las restricciones de open_basedir por medio de un archivo de sesi\u00f3n que representa una vulnerabilidad de tipo symlink."
    }
  ],
  "id": "CVE-2007-4652",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-04T19:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26642"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26822"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26838"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27377"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/releases/5_2_4.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2007/0026/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3023"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36387"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1693"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/releases/5_2_4.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0026/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1702"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Due to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group\u2019s stance on these features, Mandriva does not consider this a security issue.",
      "lastModified": "2007-09-18T00:00:00",
      "organization": "Mandriva"
    },
    {
      "comment": "We do not consider these to be security issues.  For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1\nand http://www.php.net/security-note.php\n",
      "lastModified": "2007-09-05T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.