Description

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Remediation

References

CVE-2005-3054

Related Vulnerabilities

Oracle Database Server CVE-2009-1963 Vulnerability (CVE-2009-1963)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13980)

WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.19)

WebLogic Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-8908)

Oracle HTTP Server CVE-2022-21593 Vulnerability (CVE-2022-21593)

Severity

Low

Classification

CVE-2005-3054

Tags

Missing Update Known Vulnerabilities