Description
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Remediation
References
Related Vulnerabilities
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)
Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2019-0199)
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.34)
WordPress Plugin Page Generator Cross-Site Scripting (1.5.8)