Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-1130 | 5.0 |
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode
|
30-10-2018 - 16:25 | 26-03-2010 - 20:30 | |
CVE-2010-1128 | 6.4 |
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies gener
|
10-12-2010 - 06:39 | 26-03-2010 - 20:30 | |
CVE-2010-1129 | 7.5 |
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the
|
31-08-2010 - 05:42 | 26-03-2010 - 20:30 |