Description

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

Remediation

References

CVE-2006-4625

Related Vulnerabilities

WordPress Plugin Simple Job Board Cross-Site Scripting (2.4.3)

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-0076)

WordPress Plugin cformsII SQL Injection (14.12.3)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0324)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.19)

Severity

Low

Classification

CVE-2006-4625

Tags

Missing Update Known Vulnerabilities