Main
Vulnerability Database
Exploits
ID:11499 - Exploit for Input validation error in PHP - CVE-2007-3799
ID:11499 - Exploit for Input validation error in PHP - CVE-2007-3799
Published: June 9, 2025
Vulnerability identifier: #VU110388
Vulnerability risk: Medium
CVE-ID: CVE-2007-3799
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
PHP
PHP
Link to public exploit:
Vulnerability description
The vulnerability allows a remote non-authenticated attacker to corrupt data.
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
Remediation
Install update from vendor's website.