Directory Traversal Vulnerability in PHP 4.4.0 and Other Versions

Directory Traversal Vulnerability in PHP 4.4.0 and Other Versions

CVE-2005-3054 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Learn more about our Web Application Penetration Testing UK.