Description
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
Remediation
References
Related Vulnerabilities
WordPress 3.8.x PHP Object Injection (3.8 - 3.8.35)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16335)
WordPress Plugin Easy Image Gallery Cross-Site Scripting (1.1.1)
Oracle Database Server Other Vulnerability (CVE-2005-3641)
WordPress Plugin Advance Menu Manager Cross-Site Request Forgery (2.9.6)