Description
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Remediation
References