Description

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.

Remediation

References

CVE-2006-3011

Related Vulnerabilities

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.17)

WeBid Incorrect Comparison Vulnerability (CVE-2020-23359)

Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)

WordPress Plugin Gravity Forms SQL Injection (1.9.3.5)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1936)

Severity

Medium

Classification

CVE-2006-3011 CWE-264

Tags

Missing Update Known Vulnerabilities