Description

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

Remediation

References

CVE-2002-0229

Related Vulnerabilities

WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution 'uploadify.php' Arbitrary File Upload (1.6.1)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23178)

WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)

WordPress Plugin Community Events SQL Injection (1.3.5)

Severity

High

Classification

CVE-2002-0229

Tags

Missing Update Known Vulnerabilities