Description

The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.

Remediation

References

CVE-2003-0863

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-41585)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5733)

WordPress Plugin Advanced Import:One Click Import for WordPress or Theme Demo Data Cross-Site Request Forgery (1.3.7)

WordPress Plugin Woocommerce Payment Gateway per Category Cross-Site Scripting (2.0.10)

PHP Improper Input Validation Vulnerability (CVE-2012-2336)

Severity

High

Classification

CVE-2003-0863

Tags

Missing Update Known Vulnerabilities