Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2006-4433
HistoryAug 29, 2006 - 12:00 a.m.

CVE-2006-4433

2006-08-2900:00:00
mitre
www.cve.org
6

AI Score

6.7

Confidence

Low

EPSS

0.031

Percentile

91.1%

JSON

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.

Related

cve 1
ubuntucve 1
nvd 1
redhatcve 1
nessus 1
cve
cve
CVE-2006-4433
2006-08-29 00:04:00
ubuntucve
ubuntucve
CVE-2006-4433
2006-08-29 00:00:00
nvd
nvd
CVE-2006-4433
2006-08-29 00:04:00
redhatcve
redhatcve
CVE-2006-4433
2015-10-30 09:41:20
nessus
nessus
PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities
2006-08-25 00:00:00

AI Score

6.7

Confidence

Low

EPSS

0.031

Percentile

91.1%

JSON
Related for CVELIST:CVE-2006-4433
cve1ubuntucve1nvd1redhatcve1nessus1