Description

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Remediation

References

CVE-2005-3054

Related Vulnerabilities

Oracle JRE CVE-2013-1571 Vulnerability (CVE-2013-1571)

Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153)

WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33939)

Joomla Improper Input Validation Vulnerability (CVE-2015-8562)

Severity

Low

Classification

CVE-2005-3054

Tags

Missing Update Known Vulnerabilities