Description
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Remediation
References
Related Vulnerabilities
IBM RTC Other Vulnerability (CVE-2015-0112)
WordPress Plugin Royal PrettyPhoto Cross-Site Scripting (1.2)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127)
WordPress 5.3.x Directory Traversal (5.3 - 5.3.17)
WordPress Plugin WPMovieLibrary Multiple Cross-Site Scripting Vulnerabilities (2.1.4.1)