desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-02-10 11:02
Updated : 2024-02-04 16:52
NVD link : CVE-2006-0636
Mitre link : CVE-2006-0636
CVE.ORG link : CVE-2006-0636
JSON object : View
Products Affected
eyeos_project
- eyeos
CWE