Description
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
Remediation
References
Related Vulnerabilities
WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0)
WordPress Plugin PowerPack Lite for Beaver Builder Cross-Site Scripting (1.2.9.2)
WordPress Plugin Word of the day Arbitrary File Upload (1.0)
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-4987)