CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-4731

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile16.67th
Published2005年12月31日
Last Modified2026年4月16日

Vulnerability Description

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.

Affected Platforms (CPE)

📦
The Php Group

Pear Html Quickform Controller

= 1.0.4

References & Advisories

🔗 http://pear.php.net/bugs/bug.php?id=3443
🔗 http://pear.php.net/package/HTML_QuickForm_Controller/download
🔗 http://www.osvdb.org/23766
🔗 http://pear.php.net/bugs/bug.php?id=3443
🔗 http://pear.php.net/package/HTML_QuickForm_Controller/download
🔗 http://www.osvdb.org/23766

相關漏洞威脅

CVE-2005-044110.0

Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticat...

CVE-2005-063510.0

Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.

CVE-2005-129910.0

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

CVE-2005-063610.0

Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execut...