CVE-2007-0448 Information
Share on:
Feb 14, 2021
cve
Description
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI as demonstrated via the srpath URI.
Reference
http://securityreason.com/achievement_securityalert/44 http://securityreason.com/securityalert/2175 http://www.securityfocus.com/bid/22261