Description
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
Remediation
References