Description
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-0368 Vulnerability (CVE-2013-0368)
WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)
MySQL CVE-2018-3182 Vulnerability (CVE-2018-3182)
WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3050)