Description

The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.

Remediation

References

CVE-2003-0863

Related Vulnerabilities

Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8101)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.9)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29526)

WordPress Plugin Duplicate Page Unspecified Vulnerability (3.5)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2015-9253)

Severity

High

Classification

CVE-2003-0863

Tags

Missing Update Known Vulnerabilities