Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026

CVE-2005-4731

Description

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.

Affected products

The Php Group/Pear HTML Quickform Controller
cpe:2.3:a:the_php_group:pear_html_quickform_controller:1.0.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pear.php.net/bugs/bug.phpnvd
pear.php.net/package/HTML_QuickForm_Controller/downloadnvd
www.osvdb.org/23766nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000