CVE-2005-3054

Published: 26 September 2005

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Priority

Unknown

Status

Package Release Status
php4
Launchpad, Ubuntu, Debian
Upstream Needs triage

php5
Launchpad, Ubuntu, Debian
Upstream Needs triage