Description
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
Remediation
References