Description
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
Remediation
References
Related Vulnerabilities
WordPress Plugin Booked-Appointment Booking for WordPress Security Bypass (2.2.5)
Piwigo Improper Access Control Vulnerability (CVE-2016-10085)
XOOPS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3822)
WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.9.3)