Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2007-5899 - Vulnerability Database
PHP

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2007-5899

Medium
Reference: CVE-2007-5899
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-5899
Title: PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL as demonstrated by a rewritten form containing a local session ID.