Description
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2017-10271 Vulnerability (CVE-2017-10271)
Microsoft SQL Server Other Vulnerability (CVE-2001-0344)
WordPress Plugin Booking Package-Appointment Booking Calendar System Cross-Site Scripting (1.5.10)
Oracle Application Server Other Vulnerability (CVE-2004-1774)
Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)