Main Vulnerability Database Vulnerabilities #VU110545

Input validation error in PHP - CVE-2002-0121

Published: September 11, 2008 / Updated: June 8, 2025

Vulnerability identifier: #VU110545

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2002-0121

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: PHP Group

Affected software:
PHP

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

Install update from vendor's website.