4.3 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.3%
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows
context-dependent attackers to bypass safe_mode restrictions and read
arbitrary files by referring to local files with a certain URL syntax
instead of a pathname syntax, as demonstrated by a filename preceded a
“php://…/…/” sequence.