Description
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
Remediation
References