CVE-2006-4432

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zend:zend_platform:*:a:*:*:*:*:*:*

History

No history.

Information

Published : 2006-08-29 00:04

Updated : 2024-02-04 16:52


NVD link : CVE-2006-4432

Mitre link : CVE-2006-4432

CVE.ORG link : CVE-2006-4432


JSON object : View

Products Affected

zend

  • zend_platform