Description
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin GlotPress Information Disclosure (2.2.1)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4569)
WordPress Plugin Subscriptions & Memberships for PayPal Unspecified Vulnerability (1.1.5)
MySQL CVE-2012-1734 Vulnerability (CVE-2012-1734)
Nginx Integer Overflow or Wraparound Vulnerability (CVE-2017-7529)