CVE-2006-4432

2006-08-28T20:04:00
ID CVE-2006-4432
Type cve
Reporter NVD
Modified 2018-10-17T17:37:02

Description

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.