CVE-2007-1701

Name: CVE-2007-1701
Creator: NVD / NIST
Published: 2007-03-27T01:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 9.23%

Last modified Jun 16, 2026

CVE-2007-1701 is a vulnerability of currently unknown severity. PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".. EPSS estimates a 9.23% chance of exploitation in the next 30 days.

Description

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".

Metrics

EPSS Probability

9.23%

94.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-502

Affected Software

Vendor	Product	Versions
Php	Php	>= 4.0.0, < 4.4.5
Php	Php	>= 5.0.0, < 5.2.1

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137Broken Link
http://secunia.com/advisories/25423Third Party Advisory
http://secunia.com/advisories/25445Third Party Advisory
http://secunia.com/advisories/25850Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-19.xmlThird Party Advisory
http://www.php-security.org/MOPB/MOPB-31-2007.htmlThird Party Advisory
http://www.securityfocus.com/bid/23120Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/1991Third Party Advisory
http://www.vupen.com/english/advisories/2007/2374Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33658Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11034Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137Broken Link
http://secunia.com/advisories/25423Third Party Advisory
http://secunia.com/advisories/25445Third Party Advisory
http://secunia.com/advisories/25850Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-19.xmlThird Party Advisory
http://www.php-security.org/MOPB/MOPB-31-2007.htmlThird Party Advisory
http://www.securityfocus.com/bid/23120Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/1991Third Party Advisory
http://www.vupen.com/english/advisories/2007/2374Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33658Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11034Third Party Advisory

Timeline

Published: Mar 27, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-1701?

How severe is CVE-2007-1701?

Severity scoring for CVE-2007-1701 is pending analysis. The EPSS model estimates a 9.23% probability of exploitation in the next 30 days.

How do I fix CVE-2007-1701?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-1701?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST