CVE-2007-5899

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Configurations

Configuration 1

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Information

Published : 2007-11-20 07:46

Updated : 2018-10-15 09:46


NVD link : CVE-2007-5899

Mitre link : CVE-2007-5899

Products Affected
No products.
CWE