CVE-2008-2665
PHP is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.
Attackers can leverage this issue to bypass security restrictions enforced by ‘safe_mode’ to access data outside of the root webserver directory. Successful attacks may allow an attacker to access sensitive information that could aid in further attacks.
<a href target=“_blank”>www.php.net</a>