Main Vulnerability Database Exploits ID:11572 - Exploit for Input validation error in PHP - CVE-2007-1522

ID:11572 - Exploit for Input validation error in PHP - CVE-2007-1522

Published: June 12, 2025

Vulnerability identifier: #VU110433

Vulnerability risk: Medium

CVE-ID: CVE-2007-1522

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/3480/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

Remediation

Install update from vendor's website.

ID:11572 - Exploit for Input validation error in PHP - CVE-2007-1522

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human