1 results (0.003 seconds)
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4731
https://notcve.org/view.php?id=CVE-2005-4731
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors. • http://pear.php.net/bugs/bug.php?id=3443 http://pear.php.net/package/HTML_QuickForm_Controller/download http://www.osvdb.org/23766 •