The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php | Php | 4.3.0 (including) | 4.3.0 (including) |
Php | Php | 4.3.1 (including) | 4.3.1 (including) |
Php | Php | 4.3.2 (including) | 4.3.2 (including) |