Unspecified vulnerability in the session extension functionality in PHP prior to 5.1.3 has unknown impact and attack vectors related to heap corruption.
The phpinfo() PHP function did not properly sanitize long strings A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo() Please note that it is not recommended to publicly expose
phpinfo() (CVE-2006-0996) ...