CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-4731

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.3%

CVSS Severity

CVSS v2 Score 5.0

References

http://pear.php.net/bugs/bug.php?id=3443
http://pear.php.net/package/HTML_QuickForm_Controller/download
http://www.osvdb.org/23766
http://pear.php.net/bugs/bug.php?id=3443
http://pear.php.net/package/HTML_QuickForm_Controller/download
http://www.osvdb.org/23766

Products affected by CVE-2005-4731

The Php Group » Pear Html Quickform Controller » Version: 1.0.4

cpe:2.3:a:the_php_group:pear_html_quickform_controller:1.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4731

Products

Pricing

Contact Us