Main Vulnerability Database Exploits ID:11589 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2010-1130

ID:11589 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2010-1130

Published: June 12, 2025

Vulnerability identifier: #VU110311

Vulnerability risk: Medium

CVE-ID: CVE-2010-1130

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/33625/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to corrupt data.

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).

Remediation

Install update from vendor's website.

ID:11589 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2010-1130

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human