Description
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
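An audit check for the condition described above, as an added example that is not part of the original advisory or of the Debian package: it scans lighttpd configuration text for FastCGI `"socket"` settings whose path sits in a shared directory. The sample configuration, the list of shared directories and all function names are constructed for illustration.

```python
import os
import re
import stat

# Shared, world-writable directories this audit flags (assumed list).
SHARED_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
# lighttpd mod_fastcgi option: "socket" => "/path/to/socket"
SOCKET_RE = re.compile(r'"socket"\s*=>\s*"([^"]+)"')

# Constructed sample configuration, not taken from any real package.
SAMPLE_CONFIG = '''
fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php-cgi",
    "socket"   => "/tmp/php.socket",
)))
# "socket" => "/tmp/old.socket"
fastcgi.server += ( ".py" => ((
    "socket" => "/var/run/lighttpd/app.socket",
)))
'''


def find_socket_paths(config_text):
    """Return (line_number, path) for each active "socket" setting."""
    found = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        active = line.split("#", 1)[0]  # drop comments (assumes no '#' in paths)
        found += [(lineno, m.group(1)) for m in SOCKET_RE.finditer(active)]
    return found


def is_shared_location(path, shared_dirs=SHARED_DIRS):
    """True if the socket's parent directory is, or lies under, a shared dir."""
    parent = os.path.dirname(os.path.normpath(path))
    return any(parent == d or parent.startswith(d + "/") for d in shared_dirs)


def parent_is_world_writable(path):
    """On a live host: True if the socket's directory is writable by others."""
    try:
        mode = os.stat(os.path.dirname(path)).st_mode
    except OSError:
        return False  # directory missing: nothing to report
    return bool(mode & stat.S_IWOTH)


def audit(config_text):
    """Return socket settings that point into a shared directory."""
    return [(n, p) for n, p in find_socket_paths(config_text) if is_shared_location(p)]
```

`audit()` works on configuration text alone, while `parent_is_world_writable()` confirms the finding against the directory permissions of the host being checked.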
Remediation
References