Description
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
Remediation
References
Related Vulnerabilities
WordPress Plugin PhotoSmash Galleries 'action' Parameter Cross-Site Scripting (1.0.2)
WordPress Plugin Yakadanda Google+ Hangout Events Cross-Site Scripting (0.3.7)
ZenCart Improper Input Validation Vulnerability (CVE-2009-4321)
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)