CVEs-PoC/2010/CVE-2010-1130.md at 2ef066380cb36dba2e454190ca2349fcff6ca2df

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-24 15:54:10 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).

POC

Reference

http://securityreason.com/achievement_securityalert/82
http://securityreason.com/securityalert/7008

Github

No PoCs found on GitHub currently.

883 B Raw Blame History

CVE-2010-1130

Description

POC

Reference

Github

883 B

Raw Blame History