WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Other Vulnerability (CVE-2005-3054)

Description

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Remediation

References

Related Vulnerabilities

WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)

PHP Improper Input Validation Vulnerability (CVE-2011-1398)

WordPress Plugin Team Members Unspecified Vulnerability (2.1.2)

XWiki Credentials Management Errors Vulnerability (CVE-2005-4862)

PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2013-1824)

Severity

Low

Classification

CVE-2005-3054

Tags

Missing Update Known Vulnerabilities