Unrated severityNVD Advisory· Published Dec 20, 2007· Updated Apr 23, 2026
CVE-2007-6470
CVE-2007-6470
Description
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/bid/26884nvdExploit
- secunia.com/advisories/27968nvdVendor Advisory
- marc.infonvd
News mentions
0No linked articles in our index yet.