Summary
PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error.
Successful exploits could allow an attacker to read and write files in unauthorized locations.
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code.
In such cases, 'open_basedir' restrictions are expected to isolate users from each other.
PHP 5.2.11 and 5.3.0 are vulnerable
other versions may also be
affected.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Allaire JRun directory browsing vulnerability