Unrated severity · NVD Advisory · Published Nov 20, 2007 · Updated Apr 23, 2026
CVE-2007-5899
Description
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 30
- bugs.php.net/bug.php (nvd)
- osvdb.org/38918 (nvd)
- secunia.com/advisories/27659 (nvd)
- secunia.com/advisories/27864 (nvd)
- secunia.com/advisories/28249 (nvd)
- secunia.com/advisories/30040 (nvd)
- secunia.com/advisories/30828 (nvd)
- secunia.com/advisories/31119 (nvd)
- secunia.com/advisories/31124 (nvd)
- secunia.com/advisories/31200 (nvd)
- wiki.rpath.com/wiki/Advisories:rPSA-2007-0242 (nvd)
- www.debian.org/security/2008/dsa-1444 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.php.net/ChangeLog-5.php (nvd)
- www.php.net/releases/5_2_5.php (nvd)
- www.redhat.com/support/errata/RHSA-2008-0505.html (nvd)
- www.redhat.com/support/errata/RHSA-2008-0544.html (nvd)
- www.redhat.com/support/errata/RHSA-2008-0545.html (nvd)
- www.redhat.com/support/errata/RHSA-2008-0546.html (nvd)
- www.redhat.com/support/errata/RHSA-2008-0582.html (nvd)
- www.securityfocus.com/archive/1/491693/100/0/threaded (nvd)
- www.ubuntu.com/usn/usn-549-2 (nvd)
- www.ubuntu.com/usn/usn-628-1 (nvd)
- issues.rpath.com/browse/RPL-1943 (nvd)
- launchpad.net/bugs/173043 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11211 (nvd)
- usn.ubuntu.com/549-1/ (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html (nvd)