Description
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) Cross-Site Request Forgery (2.0.2)
WordPress Plugin SP Project & Document Manager Multiple SQL Injection Vulnerabilities (2.4.3)
WordPress Plugin Daily Prayer Time Cross-Site Request Forgery (2023.03.08)
Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.8.12)