Description
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
Remediation
References
Related Vulnerabilities
WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Unspecified Vulnerability (5.7)
WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5)
WordPress Plugin Contact Form With Captcha Cross-Site Request Forgery (1.6.2)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1429)
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)