VYPR
Unrated severityNVD Advisory· Published Dec 10, 2006· Updated Jun 16, 2026

CVE-2006-6383

CVE-2006-6383

Description

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • PHP/PHP3 versions
    cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    • (no CPE)range: 5.2.0, 4.4

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.