phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking



EKU-ID: 35897
CVE: CVE-2007-6470; OSVDB-39262
Author: Michael Brooks
Published: 2007-12-15
Verified: Verified


source: https://www.securityfocus.com/bid/26884/info

phpRPG is prone to two vulnerabilities:

- An SQL-injection vulnerability
- A vulnerability that lets remote attackers gain access to sessions.

Exploiting these issues may allow an unauthorized user to steal sessions, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects phpRPG 0.8.0; other versions may also be affected.

http://www.example.com/phpRPG-0.8.0/tmp/
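
A defender-side check for this class of problem, added here as an example and not taken from the advisory or from phpRPG: it parses a PHP `session.save_path` value and reports when the session directory sits under the web server's document root. It assumes, from the title and the URL above, that the issue is session files kept in the application's `tmp/` directory; the function names and the directory layout in `demo()` are constructed for illustration.

```python
import os
import tempfile

def parse_save_path(value):
    """Directory part of session.save_path ("/p", "N;/p" or "N;MODE;/p")."""
    directory = value.strip().split(";")[-1]
    # Assumption: an empty value means PHP falls back to the system temp dir.
    return directory or tempfile.gettempdir()

def is_inside(path, root):
    """True if path is root or below it, by name or after resolving symlinks."""
    for norm in (os.path.abspath, os.path.realpath):
        p, r = norm(path), norm(root)
        if os.path.commonpath([p, r]) == r:
            return True
    return False

def audit(doc_root, save_path_value, app_dir):
    """Return findings for one application; an empty list means none."""
    directory = parse_save_path(save_path_value)
    if not os.path.isabs(directory):
        # Assumption: a relative path is resolved from the application directory.
        directory = os.path.join(app_dir, directory)
    if not is_inside(directory, doc_root):
        return []
    findings = ["save path under document root: " + os.path.abspath(directory)]
    # The files handler names each session file sess_<session id>.
    count = sum(name.startswith("sess_")
                for _, _, names in os.walk(directory) for name in names)
    if count:
        findings.append("%d session file(s) stored under the document root" % count)
    return findings

def demo():
    """Audit a constructed layout: tmp/ inside the app, then a path outside."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "htdocs")
        app = os.path.join(root, "phpRPG-0.8.0")
        outside = os.path.join(base, "php-sessions")
        os.makedirs(os.path.join(app, "tmp"))
        os.makedirs(outside)
        open(os.path.join(app, "tmp", "sess_constructedid"), "w").close()
        return audit(root, "tmp", app), audit(root, "2;0600;" + outside, app)

if __name__ == "__main__":
    weak, fixed = demo()
    print(weak, fixed)
```

The check does not detect a symlink elsewhere in the document root that points at an outside session directory, so it complements a web-server rule denying access to the directory rather than replacing one.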