Description
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Power Zoomer Arbitrary File Upload (1.2)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.17)
WordPress Plugin NextGEN Gallery-WordPress Gallery SQL Injection (3.2.10)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3542)
WordPress Plugin WooCommerce Potential PHP Object Injection (3.4.4)