Description
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
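One way to audit for the condition described above, as an added example that is not part of the original advisory: the Python below finds "php_value error_log" overrides in .htaccess files and checks whether a PHP version falls in the affected range (PHP 5 before 5.2.7). The function names, the sample .htaccess text and its paths are constructed for illustration.

```python
import os
import re

# Apache directive names are case-insensitive; the value may be quoted.
# Commented-out lines never match because the pattern is anchored at line start.
_DIRECTIVE = re.compile(
    r'^\s*php_value\s+error_log\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def is_affected(php_version):
    """True for PHP 5 releases before 5.2.7, the range the description names."""
    parts = tuple(int(p) for p in re.findall(r"\d+", php_version)[:3])
    parts += (0,) * (3 - len(parts))
    return parts[0] == 5 and parts < (5, 2, 7)

def find_error_log_overrides(text):
    """Return (line_number, target_path) for each error_log override."""
    findings, pending, start = [], None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        if pending is None:
            start, pending = n, ""
        if raw.endswith("\\"):  # Apache joins this line with the next one
            pending += raw[:-1]
            continue
        line, pending = pending + raw, None
        m = _DIRECTIVE.match(line)
        if m:
            findings.append((start, m.group(1) if m.group(1) is not None else m.group(2)))
    return findings

def audit_tree(root):
    """Walk a document root; map each .htaccess path to its overrides."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_error_log_overrides(fh.read())
            if hits:
                report[path] = hits
    return report

# Constructed sample .htaccess content, not taken from any real site.
SAMPLE = '''# constructed example
RewriteEngine On
PHP_Value error_log "/srv/shared/outside-docroot.log"
php_value \\
  error_log /tmp/app.log
#php_value error_log /ignored
'''
```

Any path reported by `audit_tree` on a host where `is_affected` is true is an error_log target that safe_mode will not restrict, so it warrants review.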
Remediation
References
Related Vulnerabilities
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-47828)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2190)
WordPress Plugin Livemesh Addons for Elementor Security Bypass (2.5.2)
Oracle JRE CVE-2022-21549 Vulnerability (CVE-2022-21549)
Moodle Improper Access Control Vulnerability (CVE-2016-8643)