PHP » PHP » 4.0 beta_4_patch1 : Security Vulnerabilities, CVEs, Published In 2007 (Information Leak)
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Max CVSS
4.3
EPSS Score
1.24%
Published
2007-11-20
Updated
2018-10-15
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
Max CVSS
4.3
EPSS Score
0.38%
Published
2007-05-17
Updated
2018-10-19
2 vulnerabilities found