Description

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

Remediation

References

CVE-2008-2666

Related Vulnerabilities

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)

WordPress Plugin Rise Blocks-A Complete Gutenberg Page Builder Unspecified Vulnerability (1.0.0)

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5307)

Envoy Proxy Improper Input Validation Vulnerability (CVE-2019-9900)

Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7)

Severity

Medium

Classification

CVE-2008-2666 CWE-22

Tags

Missing Update Known Vulnerabilities