The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-05-24T18:00:00
Updated: 2007-07-27T09:00:00
Reserved: 2007-01-23T00:00:00
Link: CVE-2007-0448
JSON object: View
NVD Information
Status : Analyzed
Published: 2007-05-24T18:30:00.000
Modified: 2008-09-11T00:49:19.397
Link: CVE-2007-0448
JSON object: View
Redhat Information
No data.
CWE