Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6470


Vulnerability Score 6.4 6.4
CVE Id CVE-2007-6470
Last Modified 05 Sep 2008 05:33:19
Published 19 Dec 2007 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.

Vulnerable Systems


  • Phprpg 0.8


BID - 26884

SECUNIA - 27968

BUGTRAQ - 20071214 PHP RPG - Sql Injection and Session Information Disclosure

Last Updated: 27 May 2016 10:46:31