Description
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (3.2.12)
WordPress Plugin Easy Redirect Manager Cross-Site Scripting (2.18.18)
phpBB Improper Initialization Vulnerability (CVE-2001-1471)
MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-35475)
WordPress Plugin Walk Score Multiple Cross-Site Scripting Vulnerabilities (0.5.5)