Description
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.