Description
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advance Search for WooCommerce Cross-Site Scripting (1.0.9)
SharePoint Integer Overflow or Wraparound Vulnerability (CVE-2008-4019)
WordPress Plugin Game Server Status Multiple Vulnerabilities (1.0)
WordPress MU 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities (1.0 - 2.5.1)
WordPress Plugin Peter's Login Redirect Multiple Vulnerabilities (2.9.0)