Description
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2006-0282 Vulnerability (CVE-2006-0282)
e107 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16388)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)
WordPress Plugin UpdraftPlus WordPress Backup Privilege Escalation (1.23.2)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-26045)