Description
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
Remediation
References
Related Vulnerabilities
WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3890)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Cross-Site Scripting (1.1.46)
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.24)
MySQL CVE-2012-0075 Vulnerability (CVE-2012-0075)
WordPress Plugin WooCommerce Multi Currency-Currency Switcher Security Bypass (2.1.17)