Description
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
Remediation
References
Related Vulnerabilities
WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO Security Bypass (2.1.9.7)
Oracle Application Server CVE-2006-3713 Vulnerability (CVE-2006-3713)
XWiki Missing Authentication for Critical Function Vulnerability (CVE-2022-24820)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.18)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331)