First published: Tue Aug 29 2006(Updated: )
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zend Zend Platform | <=2.2.1a |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.