SUSE CVE-2009-4018
The procopen function in ext/standard/procopen.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the 1 safemodeallowedenvvars and 2 safemodeprotectedenvvars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, a...