Description

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.

Remediation

References

CVE-2007-4850

Related Vulnerabilities

Oracle Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2002-2347)

phpBB Improper Input Validation Vulnerability (CVE-2019-9826)

osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-1991)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.21)

WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)

Severity

Medium

Classification

CVE-2007-4850 CWE-264

Tags

Missing Update Known Vulnerabilities