Description
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
Remediation
References
Related Vulnerabilities
WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.2)
WordPress Plugin Redirection Page Multiple Vulnerabilities (1.2)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5342)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-8286)