CVE-2007-0448 Information

Description

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI as demonstrated via the srpath URI.

Reference

http://securityreason.com/achievement_securityalert/44 http://securityreason.com/securityalert/2175 http://www.securityfocus.com/bid/22261