Description
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.
Remediation
References