CVE-2007-1700 (retired)

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1,
calculates the reference count for the session variables without
considering the internal pointer from the session globals, which allows
context-dependent attackers to execute arbitrary code via a crafted string
in the session_register after unsetting HTTP_SESSION_VARS and _SESSION,
which destroys the session data Hashtable.
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.2.1)
More Information

Updated: 2019-09-19 15:07:50 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)