CyberSec.Space Logo
Back to CVE Browser

CVE-2005-4731

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile16.67th
PublishedDec 31, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.

Affected Platforms (CPE)

πŸ“¦
The Php Group

Pear Html Quickform Controller

= 1.0.4

References & Advisories

πŸ”— http://pear.php.net/bugs/bug.php?id=3443
πŸ”— http://pear.php.net/package/HTML_QuickForm_Controller/download
πŸ”— http://www.osvdb.org/23766
πŸ”— http://pear.php.net/bugs/bug.php?id=3443
πŸ”— http://pear.php.net/package/HTML_QuickForm_Controller/download
πŸ”— http://www.osvdb.org/23766

Related Vulnerabilities

CVE-2005-473010.0

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the...

CVE-2005-063510.0

Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...

CVE-2005-044110.0

Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticat...