Description
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions, such as forcing the use of a different version of PHP, via a symlink attack or a race condition.
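As an added example (not from the advisory or the Debian package), the weak setting beside a hardened one, plus a small audit that flags FastCGI socket paths placed in a shared temporary directory; the config shape and the /var/run/lighttpd path are assumptions for illustration.

```python
import os
import re
import stat

# Constructed sample in the shape of a lighttpd fastcgi-php config, with the
# socket placed in the shared /tmp directory (the weak setting described above).
WEAK_CONF = '''
fastcgi.server = ( ".php" =>
    ((
        "bin-path" => "/usr/bin/php-cgi",
        "socket" => "/tmp/php.socket",
        "max-procs" => 2,
    ))
)
'''

# Hardened variant: socket kept in a directory owned by the service user,
# which no other local user can write to (path is an assumption).
SAFE_CONF = WEAK_CONF.replace('"/tmp/php.socket"', '"/var/run/lighttpd/php.socket"')

SOCKET_RE = re.compile(r'"socket"\s*=>\s*"([^"]+)"')
SHARED_TMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def socket_paths(config_text):
    """Return every FastCGI socket path declared in a lighttpd config text."""
    return SOCKET_RE.findall(config_text)


def is_shared_dir(path):
    """True if the socket's parent directory is one any local user can write to.

    lighttpd adds a numeric per-child suffix to the socket name, so the name is
    still predictable; the directory is what decides whether it can be hijacked.
    """
    parent = os.path.dirname(path)
    if parent in SHARED_TMP_DIRS or any(parent.startswith(d + "/") for d in SHARED_TMP_DIRS):
        return True
    # On a live host, also inspect the real directory mode for world-writability.
    try:
        mode = os.stat(parent).st_mode
    except FileNotFoundError:
        return False
    return bool(mode & stat.S_IWOTH)


def audit(config_text):
    """Return the socket paths a local user could pre-create or replace."""
    return [p for p in socket_paths(config_text) if is_shared_dir(p)]
```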
Remediation
References