Description
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
Remediation
References
Related Vulnerabilities
Python Improper Input Validation Vulnerability (CVE-2026-4519)
MySQL CVE-2017-3634 Vulnerability (CVE-2017-3634)
Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-32780)
Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2026-31958)
WordPress Plugin Arlo training and event management system Cross-Site Scripting (2.1.7.1)