Description
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-2185)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26071)
WordPress Plugin Multi Feed Reader Multiple Vulnerabilities (2.2.4)
EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846)