Description
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
Remediation
References
Related Vulnerabilities
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.10)
WordPress Plugin WooCommerce Conversion Tracking Cross-Site Request Forgery (2.0.4)
Dotclear Other Vulnerability (CVE-2007-3688)
Django Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0472)
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)