Description

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.

Remediation

References

CVE-2006-3011

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0123)

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

WordPress Plugin Simple Photo Gallery SQL Injection (1.7.9)

WordPress Plugin P3 (Plugin Performance Profiler) Cross-Site Scripting (1.5.3.8)

WordPress Plugin DW Question & Answer Cross-Site Scripting (1.4.2.2)

Severity

Medium

Classification

CVE-2006-3011 CWE-264

Tags

Missing Update Known Vulnerabilities