Description
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
Remediation
References