Description
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.
Remediation
References
Related Vulnerabilities
WordPress Plugin Thrive Ultimatum Security Bypass (2.3.9.3)
WordPress Plugin Product Import Export for WooCommerce Cross-Site Request Forgery (1.7.4)
Oracle Database Server CVE-2012-0082 Vulnerability (CVE-2012-0082)
WordPress Multiple Cross-Site Scripting Vulnerabilities (4.1 - 4.2.1)
WordPress Plugin Facebook Photo Fetcher Unspecified Vulnerability (2.1.17)