Description
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-0262 Vulnerability (CVE-2006-0262)
WordPress 4.6.x Possible SQL Injection Vulnerability (4.6 - 4.6.7)
WordPress Plugin Simple Security Multiple Cross-Site Scripting Vulnerabilities (1.1.5)
WordPress Plugin YITH WooCommerce Ajax Product Filter Cross-Site Scripting (3.11.0)