Main Vulnerability Database Exploits ID:11537 - Exploit for Input validation error in PHP - CVE-2006-6383

ID:11537 - Exploit for Input validation error in PHP - CVE-2006-6383

Published: June 10, 2025

Vulnerability identifier: #VU110465

Vulnerability risk: Low

CVE-ID: CVE-2006-6383

CWE-ID: CWE-20

Exploitation vector: Local access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/29239/

Vulnerability description

The vulnerability allows a local user to read and manipulate data.

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.

Remediation

Install update from vendor's website.

ID:11537 - Exploit for Input validation error in PHP - CVE-2006-6383

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human