Description
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Manager Extended 'admin.php' SQL Injection (3.1.2)
WordPress Plugin NextGEN Gallery-WordPress Gallery SQL Injection (2.1.77)
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2019-9512)
Squid Improper Encoding or Escaping of Output Vulnerability (CVE-2021-31806)