Vulnerability Title
N/A
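Vulnerability Description
An unknown vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are commonly associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. Note: although the nature of the vulnerability is unspecified, it is very likely related to the expectation of PHP applications that the session name is alphanumeric, as implied in the PHP manual for the session_name() function.
CVSS Information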
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
CVSS Information
N/A
Vulnerability Category
N/A
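Vulnerability Title
PHP session.c Unspecified Vulnerability
Vulnerability Description
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded into HTML. session.c in PHP versions before 5.1.3 contains an unspecified vulnerability with unknown impact and unknown vectors, related to "certain characters in sessions," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.
CVSS Information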
N/A
Vulnerability Category
Cross-site scripting