Description
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
Remediation
References