Red Hat Bugzilla – Bug 177722
SA18431 PHP Multiple Vulnerabilities
Last modified: 2007-11-30 17:11:20 EST
"1) Input passed to the session ID in the session extension isn't properly
sanitised before being returned to the user via a "Set-Cookie" HTTP header.
2) A format string error in the processing of error messages in the mysqli
extension may be exploited to execute arbitrary code by causing an exception in
an application where the error message can be controlled by the attacker.
3) Some unspecified input passed under certain error conditions isn't properly
sanitised before being returned to the user."
These affected PHP <5.1.2.