CVE-2007-5899

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-11-20 19:46

Updated : 2024-02-28 11:01


NVD link : CVE-2007-5899

Mitre link : CVE-2007-5899

CVE.ORG link : CVE-2007-5899


JSON object : View

Products Affected

php

  • php
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor