Description
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
Remediation
References
Related Vulnerabilities
Django Improper Input Validation Vulnerability (CVE-2014-0480)
WordPress Plugin Visitors Cross-Site Scripting (0.3)
Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)
Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9690)