Description

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.

Remediation

References

CVE-2006-3011

Related Vulnerabilities

WebLogic CVE-2017-10271 Vulnerability (CVE-2017-10271)

Microsoft SQL Server Other Vulnerability (CVE-2001-0344)

WordPress Plugin Booking Package-Appointment Booking Calendar System Cross-Site Scripting (1.5.10)

Oracle Application Server Other Vulnerability (CVE-2004-1774)

Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)

Severity

Medium

Classification

CVE-2006-3011 CWE-264

Tags

Missing Update Known Vulnerabilities