Description

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

Remediation

References

CVE-2006-1608

Related Vulnerabilities

WordPress Plugin WordPress Slider Block Gutenslider Cross-Site Scripting (5.1.5)

WordPress Plugin Best Image Gallery & Responsive Photo Gallery-FooGallery Security Bypass (1.6.15)

WordPress Plugin History Collection Arbitrary File Download (1.1.1)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6037)

Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9)

Severity

Low

Classification

CVE-2006-1608

Tags

Missing Update Known Vulnerabilities