10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.9%
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the
file path before passing the data to the realpath function, which could
allow attackers to bypass safe mode. NOTE: this issue was originally
REJECTed by its CNA before publication, but that decision is in active
dispute. This candidate may change significantly in the future as a result
of further discussion.