Description
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
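The mismatch described above, as an added example (not code from this advisory or from PHP itself): an extension allow-list reads the whole PHP string, while a NUL-terminated C interface stops at the first \0. The helper names and sample file names are constructed for illustration.

```php
<?php
// Added example; helper names and sample file names are constructed.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

// Allow-list check over the whole PHP string (binary-safe functions),
// so the text after the last dot is treated as the extension.
function extension_is_allowed(string $path): bool
{
    $dot = strrpos($path, '.');
    $ext = $dot === false ? '' : strtolower(substr($path, $dot + 1));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

// What a NUL-terminated C interface receives: everything before the first \0.
function path_as_c_string(string $path): string
{
    $nul = strpos($path, "\0");
    return $nul === false ? $path : substr($path, 0, $nul);
}

// Hardened check: reject any pathname containing a NUL byte before the
// extension is even examined, so both views of the name always agree.
function upload_name_is_acceptable(string $path): bool
{
    if (strpos($path, "\0") !== false) {
        return false;
    }
    return extension_is_allowed($path);
}

$samples = ["photo.jpg", "script.php", "script.php\0.jpg"]; // constructed inputs

foreach ($samples as $name) {
    printf(
        "%-18s allow-list=%-5s c-string=%-10s hardened=%s\n",
        str_replace("\0", '\0', $name),
        var_export(extension_is_allowed($name), true),
        path_as_c_string($name),
        var_export(upload_name_is_acceptable($name), true)
    );
}
```

For the third sample the allow-list accepts the name although the truncated view ends in .php; the hardened check rejects it because of the embedded NUL byte.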
Remediation
References