Description
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
Remediation
References
Related Vulnerabilities
WordPress Plugin SpiderCatalog Unspecified Vulnerability (1.6.8)
Grafana Improper Authentication Vulnerability (CVE-2021-39226)
WordPress Plugin WooSidebars Cross-Site Scripting (1.4.1)
Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999003)
Liferay Portal CVE-2021-38266 Vulnerability (CVE-2021-38266)