php -- input validation error in safe_mode

2008-06-17T00:00:00
ID EE6FA2BD-406A-11DD-936A-0015AF872849
Type freebsd
Reporter FreeBSD
Modified 2008-09-04T00:00:00

Description

According to Maksymilian Arciemowicz's research, it is possible to bypass the security restrictions of safe_mode in various functions via a directory traversal vulnerability. An attacker can use this attack to gain access to sensitive information. Functions utilizing expand_filepath() may be affected. It should be noted that the FreeBSD Security Team does not consider this vulnerability serious, since safe_mode and open_basedir are insecure by design and should not be relied upon.