Description
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
Remediation
References
Related Vulnerabilities
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2022-48565)
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-19520)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.27)
Oracle Application Server CVE-2007-5516 Vulnerability (CVE-2007-5516)