Description
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Remediation
References
Related Vulnerabilities
WordPress Plugin Query Interface Security Bypass (1.1)
WordPress Plugin Booking calendar, Appointment Booking System Multiple Vulnerabilities (2.1.7)
Oracle Database Server Other Vulnerability (CVE-1999-0784)
Oracle JRE CVE-2017-10357 Vulnerability (CVE-2017-10357)
Apache HTTP Server Insertion of Sensitive Information into Log File Vulnerability (CVE-2001-1556)