Description
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.
Remediation
References