Description

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

Remediation

References

CVE-2006-1608

Related Vulnerabilities

Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2022-48565)

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-19520)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.27)

Oracle Application Server CVE-2007-5516 Vulnerability (CVE-2007-5516)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0216)

Severity

Low

Classification

CVE-2006-1608

Tags

Missing Update Known Vulnerabilities