sqlite: heap-buffer-overflow at sessionfuzz

A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur...

PHP ext/session/session.c Denial of Service Vulnerability

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A denial of service vulnerability exists in PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 in which the ext/session/session.c...

PHP EXT/Session HTTP应答头注入漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP的ext/session在置于会话COOKIE前没有URL编码会话ID，远程攻击者可以利用漏洞可以对会话COOKIE进行注入攻击。 当PHP' ext/session调用sessionstart，会在部分情况下发送新会话COOKIE，这些情况如下： - session id嵌入到PATHINFO - session id重生成 - session id通过sessionid设置 - sessionstart多次调用...

PHP Session.Save_Path() Safe_Mode和Open_Basedir限制绕过漏洞

PHP是一款流行的网络编程语言。 PHP在处理会话信息的功能函数实现上存在漏洞，远程攻击者可能利用漏洞获得敏感信息或向非授权位置写入文件。 session.savepath可以设置在iniset, sessionsavepath函数中，在session.savepath必须包含保存tmp文件路径的数据，但session.savepath的语法为： /PATH 或者 N;/PATH N是字符串。 如： 1. sessionsavepath"/DIR/WHERE/YOU/HAVE/ACCESS" 2. sessionsavepath"5;/DIR/WHERE/YOU/HAVE/ACCESS"...