Description

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

Remediation

References

CVE-2004-1392

Related Vulnerabilities

WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.6.2)

Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-17898)

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

WordPress Plugin Count per Day Information Disclosure (3.2.5)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5)

Severity

Medium

Classification

CVE-2004-1392

Tags

Missing Update Known Vulnerabilities