Description

The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.

Remediation

References

CVE-2003-0863

Related Vulnerabilities

MySQL CVE-2018-3170 Vulnerability (CVE-2018-3170)

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-2138)

WordPress Plugin WP Ad Guru Lite Cross-Site Scripting (1.6.0)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.25)

Severity

High

Classification

CVE-2003-0863

Tags

Missing Update Known Vulnerabilities