Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
References
Configurations
History
No history.
Information
Published : 2006-08-29 00:04
Updated : 2024-02-04 16:52
NVD link : CVE-2006-4432
Mitre link : CVE-2006-4432
CVE.ORG link : CVE-2006-4432
JSON object : View
Products Affected
zend
- zend_platform
CWE