Description
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-1689 Vulnerability (CVE-2012-1689)
WordPress Cross-Site Scripting Vulnerability (3.0 - 3.6.1)
Plone CMS Missing Authentication for Critical Function Vulnerability (CVE-2020-35190)
MySQL CVE-2018-2779 Vulnerability (CVE-2018-2779)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-33359)