SummaryWhen register_globals is activated the deserialization of the session data can overwrite any global variable, including the _SESSION array. Because of its special implementation this can result in arbitrary code execution.Affected versionsAffected are PHP 4 < 4.4.5 and PHP 5 < 5.2.1
read more | digg story
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment