CVE-2007-1701

2007-03-26T21:19:00
ID CVE-2007-1701
Type cve
Reporter NVD
Modified 2018-10-19T14:34:19

Description

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".