Description
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.