CVE ID: CVE-2010-1130
Description: session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2010-1130
http://securitytracker.com/id?1023661
http://secunia.com/advisories/38708
http://securityreason.com/securityalert/7008
http://securityreason.com/achievement_securityalert/82
http://www.vupen.com/english/advisories/2010/0479




© 1998-2025 E-Soft Inc. All rights reserved.