Description
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
Remediation
References
Related Vulnerabilities
WordPress Plugin File Manager Unspecified Vulnerability (2.2.0)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0714)
SharePoint CVE-2020-1178 Vulnerability (CVE-2020-1178)
Jetty Insufficient Session Expiration Vulnerability (CVE-2021-34428)
WordPress Plugin WP Simple Booking Calendar Cross-Site Request Forgery (1.3)