CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-4143

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile27.17th
Published2009年12月21日
Last Modified2026年4月23日

Vulnerability Description

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Affected Platforms (CPE)

📦
Php

Php

<= 5.2.11
📦
Php

Php

= 1.0
📦
Php

Php

= 2.0
📦
Php

Php

= 2.0b10
📦
Php

Php

= 3.0
📦
Php

Php

= 3.0.1
📦
Php

Php

= 3.0.2
📦
Php

Php

= 3.0.3
📦
Php

Php

= 3.0.4
📦
Php

Php

= 3.0.5
📦
Php

Php

= 3.0.6
📦
Php

Php

= 3.0.7
📦
Php

Php

= 3.0.8
📦
Php

Php

= 3.0.9
📦
Php

Php

= 3.0.10
📦
Php

Php

= 3.0.11
📦
Php

Php

= 3.0.12
📦
Php

Php

= 3.0.13
📦
Php

Php

= 3.0.14
📦
Php

Php

= 3.0.15
📦
Php

Php

= 3.0.16
📦
Php

Php

= 3.0.17
📦
Php

Php

= 3.0.18
📦
Php

Php

= 4
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0
📦
Php

Php

= 4.0.0
📦
Php

Php

= 4.0.1
📦
Php

Php

= 4.0.2
📦
Php

Php

= 4.0.3
📦
Php

Php

= 4.0.4
📦
Php

Php

= 4.0.5
📦
Php

Php

= 4.0.6
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.0.7
📦
Php

Php

= 4.1.0
📦
Php

Php

= 4.1.1
📦
Php

Php

= 4.1.2
📦
Php

Php

= 4.2.0
📦
Php

Php

= 4.2.1
📦
Php

Php

= 4.2.2
📦
Php

Php

= 4.2.3
📦
Php

Php

= 4.3.0
📦
Php

Php

= 4.3.1
📦
Php

Php

= 4.3.2
📦
Php

Php

= 4.3.3
📦
Php

Php

= 4.3.4
📦
Php

Php

= 4.3.5
📦
Php

Php

= 4.3.6
📦
Php

Php

= 4.3.7
📦
Php

Php

= 4.3.8
📦
Php

Php

= 4.3.9
📦
Php

Php

= 4.3.10
📦
Php

Php

= 4.3.11
📦
Php

Php

= 4.4.0
📦
Php

Php

= 4.4.1
📦
Php

Php

= 4.4.2
📦
Php

Php

= 4.4.3
📦
Php

Php

= 4.4.4
📦
Php

Php

= 4.4.5
📦
Php

Php

= 4.4.6
📦
Php

Php

= 4.4.7
📦
Php

Php

= 4.4.8
📦
Php

Php

= 4.4.9
📦
Php

Php

= 5
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.0
📦
Php

Php

= 5.0.1
📦
Php

Php

= 5.0.2
📦
Php

Php

= 5.0.3
📦
Php

Php

= 5.0.4
📦
Php

Php

= 5.0.5
📦
Php

Php

= 5.1.0
📦
Php

Php

= 5.1.1
📦
Php

Php

= 5.1.2
📦
Php

Php

= 5.1.3
📦
Php

Php

= 5.1.4
📦
Php

Php

= 5.1.5
📦
Php

Php

= 5.1.6
📦
Php

Php

= 5.2.0
📦
Php

Php

= 5.2.1
📦
Php

Php

= 5.2.2
📦
Php

Php

= 5.2.3
📦
Php

Php

= 5.2.4
📦
Php

Php

= 5.2.5
📦
Php

Php

= 5.2.6
📦
Php

Php

= 5.2.7
📦
Php

Php

= 5.2.8
📦
Php

Php

= 5.2.9
📦
Php

Php

= 5.2.10

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
🔗 http://marc.info/?l=bugtraq&m=127680701405735&w=2
🔗 http://secunia.com/advisories/37821
🔗 http://secunia.com/advisories/38648
🔗 http://secunia.com/advisories/40262
🔗 http://secunia.com/advisories/41480
🔗 http://secunia.com/advisories/41490
🔗 http://support.apple.com/kb/HT4077

相关漏洞威胁

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2020-896710.0

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO...

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...