Description
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
Remediation
References
Related Vulnerabilities
WordPress Plugin BuddyBoss Wall Cross-Site Scripting (1.1.7)
WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0)
SharePoint CVE-2021-1707 Vulnerability (CVE-2021-1707)
WEBrick v.1.3 directory traversal
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7929)