Description
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2019-2887 Vulnerability (CVE-2019-2887)
WordPress Plugin Editorial Calendar Multiple Vulnerabilities (2.6)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2006-4343)
Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)
WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)