Description
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Football Pool Arbitrary File Upload (2.6.3)
Sqlite Improper Handling of Exceptional Conditions Vulnerability (CVE-2019-19924)
WordPress Plugin Revive Old Post-Auto Post to Social Media 'cat' Parameter SQL Injection (3.2.5)
WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.1)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11586)