Description
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
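The symlink issue described above, seen from the defensive side: this is an added example, not Passenger's code or its patch, showing a PID file created so that a link planted under its name is refused rather than followed. The function names, the `/tmp` scratch directory and `target.txt` are constructed for the illustration; only the file name `control_process.pid` comes from the description.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `name` inside the directory open as `dirfd` and write `pid` to it.
 * O_CREAT|O_EXCL fails with EEXIST when anything already occupies the name,
 * including a symlink (dangling or not), so a planted link is never followed.
 * O_NOFOLLOW is defence in depth. Returns 0 on success, -1 on failure. */
int write_pidfile_safely(int dirfd, const char *name, long pid)
{
    int fd = openat(dirfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                       /* errno is the one set by openat() */
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", pid);
    int ok = write(fd, buf, (size_t)len) == (ssize_t)len;
    close(fd);
    if (!ok)
        unlinkat(dirfd, name, 0);        /* do not leave a partial file behind */
    return ok ? 0 : -1;
}

/* Constructed scenario: a symlink already sits under the PID file name in a
 * scratch directory. Returns 1 when the write is refused, the link target
 * stays empty, and creation succeeds once the link has been removed. */
int demo_symlink_is_refused(void)
{
    const char *pidname = "control_process.pid";
    char dir[] = "/tmp/pidfile-demo-XXXXXX";
    if (!mkdtemp(dir)) return 0;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) { rmdir(dir); return 0; }
    int tfd = openat(dirfd, "target.txt", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (tfd >= 0) close(tfd);
    symlinkat("target.txt", dirfd, pidname);
    int refused = write_pidfile_safely(dirfd, pidname, 1234L) == -1 && errno == EEXIST;
    struct stat st;
    int untouched = fstatat(dirfd, "target.txt", &st, 0) == 0 && st.st_size == 0;
    unlinkat(dirfd, pidname, 0);
    int created = write_pidfile_safely(dirfd, pidname, 1234L) == 0;
    unlinkat(dirfd, pidname, 0); unlinkat(dirfd, "target.txt", 0);
    close(dirfd); rmdir(dir);
    return refused && untouched && created;
}
int main(void) { return demo_symlink_is_refused() ? 0 : 1; }
```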
Remediation
References