2
Candidate: CVE-2007-1701
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1701
6
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is
7
enabled, allows context-dependent attackers to execute arbitrary code via
8
deserialization of session data, which overwrites arbitrary global
9
variables, as demonstrated by calling session_decode on a string beginning
10
with "_SESSION|s:39:".
14
dapper_php4: not-affected
15
edgy_php4: not-affected
18
dapper_php5: not-affected
19
edgy_php5: not-affected
20
feisty_php5: not-affected
21
devel_php5: not-affected