Description
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Plugmatter Optin Feature Box Multiple SQL Injection Vulnerabilities (2.0.13)
Oracle JRE CVE-2017-10349 Vulnerability (CVE-2017-10349)
Joomla! Core 1.0.5 Security Bypass (1.0.5)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0793)
WordPress Plugin WP Smart Image II Cross-Site Scripting (0.2)