Authorization Bypass

2020-04-1000:53:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

php is vulnerable to authorization bypass. The vulnerability exists as an input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session.

CPENameOperatorVersion
phpeq5.1.6__7.el5
phpeq5.1.6__11.el5
phpeq5.1.6__20.el5_2.1
phpeq5.1.6__12.el5
phpeq5.1.6__20.el5
phpeq5.1.6__23.2.el5_3
phpeq5.1.6__24.el5_4.5
phpeq5.1.6__15.el5
phpeq5.1.6__23.el5
phpeq5.1.6__5.el5

Name	Operator	Version
php	eq	5.1.6__7.el5
php	eq	5.1.6__11.el5
php	eq	5.1.6__20.el5_2.1
php	eq	5.1.6__12.el5
php	eq	5.1.6__20.el5
php	eq	5.1.6__23.2.el5_3
php	eq	5.1.6__24.el5_4.5
php	eq	5.1.6__15.el5
php	eq	5.1.6__23.el5
php	eq	5.1.6__5.el5