Description
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
Remediation
References