Description
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Video Posts Webcam Recorder Cross-Site Scripting (1.55.4)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3546)
Oracle Database Server CVE-2009-1994 Vulnerability (CVE-2009-1994)
WordPress Plugin MailChimp for WooCommerce Local File Inclusion (2.1.1)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-11067)