Description

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.

Remediation

References

CVE-2007-4850

Related Vulnerabilities

WordPress Plugin Power Charts-Responsive Beautiful Charts & Graphs Cross-Site Scripting (0.1.0)

WordPress Plugin WordPress Filter Gallery Security Bypass (0.0.6)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18259)

Drupal Core 8.5.x Cross-Site Scripting (8.5.0 - 8.5.13)

WordPress Plugin Advance Search for WooCommerce Cross-Site Scripting (1.0.9)

Severity

Medium

Classification

CVE-2007-4850 CWE-264

Tags

Missing Update Known Vulnerabilities