CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4143

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile27.17th
PublishedDec 21, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Affected Platforms (CPE)

📦
Php

Php

<= 5.2.11
📦
Php

Php

= 1.0
📦
Php

Php

= 2.0
📦
Php

Php

= 2.0b10
📦
Php

Php

= 3.0
📦
Php

Php

= 3.0.1
📦
Php

Php

= 3.0.2
📦
Php

Php

= 3.0.3
📦
Php

Php

= 3.0.4
📦
Php

Php

= 3.0.5
📦
Php

Php

= 3.0.6
📦
Php

Php

= 3.0.7
📦
Php

Php

= 3.0.8
📦
Php

Php

= 3.0.9
📦
Php

Php

= 3.0.10
📦
Php

Php

= 3.0.11
📦
Php

Php

= 3.0.12
📦
Php

Php

= 3.0.13
📦
Php

Php

= 3.0.14
📦
Php

Php

= 3.0.15
📦
Php

Php

= 3.0.16
📦
Php

Php

= 3.0.17
📦
Php

Php

= 3.0.18
📦
Php

Php

= 4
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0.0
📦
Php

Php

= 4.0.1
📦
Php

Php

= 4.0.2
📦
Php

Php

= 4.0.3
📦
Php

Php

= 4.0.4
📦
Php

Php

= 4.0.5
📦
Php

Php

= 4.0.6
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.1.0
📦
Php

Php

= 4.1.1
📦
Php

Php

= 4.1.2
📦
Php

Php

= 4.2.0
📦
Php

Php

= 4.2.1
📦
Php

Php

= 4.2.2
📦
Php

Php

= 4.2.3
📦
Php

Php

= 4.3.0
📦
Php

Php

= 4.3.1
📦
Php

Php

= 4.3.2
📦
Php

Php

= 4.3.3
📦
Php

Php

= 4.3.4
📦
Php

Php

= 4.3.5
📦
Php

Php

= 4.3.6
📦
Php

Php

= 4.3.7
📦
Php

Php

= 4.3.8
📦
Php

Php

= 4.3.9
📦
Php

Php

= 4.3.10
📦
Php

Php

= 4.3.11
📦
Php

Php

= 4.4.0
📦
Php

Php

= 4.4.1
📦
Php

Php

= 4.4.2
📦
Php

Php

= 4.4.3
📦
Php

Php

= 4.4.4
📦
Php

Php

= 4.4.5
📦
Php

Php

= 4.4.6
📦
Php

Php

= 4.4.7
📦
Php

Php

= 4.4.8
📦
Php

Php

= 4.4.9
📦
Php

Php

= 5
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.1
📦
Php

Php

= 5.0.2
📦
Php

Php

= 5.0.3
📦
Php

Php

= 5.0.4
📦
Php

Php

= 5.0.5
📦
Php

Php

= 5.1.0
📦
Php

Php

= 5.1.1
📦
Php

Php

= 5.1.2
📦
Php

Php

= 5.1.3
📦
Php

Php

= 5.1.4
📦
Php

Php

= 5.1.5
📦
Php

Php

= 5.1.6
📦
Php

Php

= 5.2.0
📦
Php

Php

= 5.2.1
📦
Php

Php

= 5.2.2
📦
Php

Php

= 5.2.3
📦
Php

Php

= 5.2.4
📦
Php

Php

= 5.2.5
📦
Php

Php

= 5.2.6
📦
Php

Php

= 5.2.7
📦
Php

Php

= 5.2.8
📦
Php

Php

= 5.2.9
📦
Php

Php

= 5.2.10

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
🔗 http://marc.info/?l=bugtraq&m=127680701405735&w=2
🔗 http://secunia.com/advisories/37821
🔗 http://secunia.com/advisories/38648
🔗 http://secunia.com/advisories/40262
🔗 http://secunia.com/advisories/41480
🔗 http://secunia.com/advisories/41490
🔗 http://support.apple.com/kb/HT4077

Related Vulnerabilities

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2020-896710.0

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO...

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...