CVE-2006-6383 (retired)

Priority
Description
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir
restrictions via a malicious path and a null byte before a ";" in a
session_save_path argument, followed by an allowed path, which causes a
parsing inconsistency in which PHP validates the allowed path but sets
session.save_path to the malicious path.
Notes
Package
Source: php4 (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:05:03 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)