CVE-2007-5899

EPSS 1.71% · P82 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-5899

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHP output_add_rewrite_var函数多个安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP 5.2.5之前版本重写output_add_rewrite_var函数的局部形式的行动属性引用一个非本地的URL，远程攻击者通过阅读获得此URL的要求潜在的敏感信息，包含一个改写形式展示了本地会话ID。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-5899

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-5899

Please Login to view more intelligence information

http://www.php.net/releases/5_2_5.phpx_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1943x_refsource_CONFIRM
http://www.php.net/ChangeLog-5.php#5.2.5x_refsource_CONFIRM
http://bugs.php.net/bug.php?id=42869x_refsource_CONFIRM
https://launchpad.net/bugs/173043x_refsource_CONFIRM
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242x_refsource_CONFIRM
http://secunia.com/advisories/27659third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/31119third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28249third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27864third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/31200third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/38918vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/30040third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/30828third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1444vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-628-1vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/usn-549-2vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/archive/1/491693/100/0/threadedvendor-advisoryx_refsource_HP
http://www.redhat.com/support/errata/RHSA-2008-0544.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0546.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0545.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0505.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127vendor-advisoryx_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:125vendor-advisoryx_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.htmlvendor-advisoryx_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11211vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2007-5899

Same Patch Batch · n/a · 2007-11-20 · 45 CVEs total

CVE-2007-6052		IBM DB2 UDB 向量集合拒绝服务攻击漏洞
CVE-2007-6055		Novell Teaming用户枚举和跨站脚本漏洞
CVE-2007-6054		Aruba MC-800 Mobility Controller 管理界面登录页面跨站脚本攻击漏洞
CVE-2007-6056		AIDA Web Frame.HTML 权限许可和访问控制漏洞
CVE-2007-6059		Sun JavaMail SQLNestedException 拒绝服务攻击漏洞
CVE-2007-6060		AhnLab V3 ZIP文件解析内存破坏漏洞
CVE-2003-0857		iptables中(1)ipq_read和(2) ipulog_read函数服务拒绝漏洞
CVE-2007-6061		Audacity 后置链接漏洞
CVE-2007-6062		ngIRCd irc-channel.c 拒绝服务漏洞
CVE-2007-6058		ProfileCMS index.php多个参数 SQL注入漏洞
CVE-2007-6053		IBM DB2 UD 内存崩溃漏洞
CVE-2007-6051		IBM DB2 UDB DB2ADMNS/DB2USERS 访问控制漏洞
CVE-2007-6050		IBM DB2 UD DB2LICD 未明漏洞
CVE-2007-6049		IBM DB2 UDB SSL LOAD GSKIT 未明漏洞
CVE-2007-6048		IBM DB2 UDB DB2NODES.CFG 权限许可和访问控制漏洞
CVE-2007-6047		IBM DB2 DB2DART工具权限提升漏洞
CVE-2007-6046		IBM DB2 UDB 未明setuid程序未明漏洞
CVE-2007-6045		IBM DB2 UDB DB2WATCH/DB2FREEZE 未明漏洞
CVE-2007-6044		IBM WebSphere MQ 多个未明远程内存崩溃漏洞
CVE-2007-6043		Microsoft Windows不安全随机数生成器信息泄露漏洞

Showing top 20 of 45 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2007-5899

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2007-5899

I. Basic Information for CVE-2007-5899

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-5899

III. Intelligence Information for CVE-2007-5899

Same Patch Batch · n/a · 2007-11-20 · 45 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2007-5899

Leave a comment