CVE-2006-6383

Priority
Description
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir
restrictions via a malicious path and a null byte before a ";" in a
session_save_path argument, followed by an allowed path, which causes a
parsing inconsistency in which PHP validates the allowed path but sets
session.save_path to the malicious path.
Notes
Package
Source: php4 (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2020-09-09 23:57:23 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)