The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote malicious users to exploit file include vulnerabilities in PHP applications.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 4.3.0 |
||
php php 4.3.2 |
||
php php 4.3.1 |