CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2006-6383 – PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass
https://notcve.org/view.php?id=CVE-2006-6383
10 Dec 2006 — PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. PHP 5.2.0 y 4.4 permite a usuarios locales evitar restricciones safe_mode y open_basedir a través de una ruta maliciosa y un byte nulo anterior a ";" en el argumento session_save_path, s... • https://www.exploit-db.com/exploits/29239 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 85EXPL: 0CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •