The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php | Php | 4.3.0 | 4.3.0 |
Php | Php | 4.3.1 | 4.3.1 |
Php | Php | 4.3.2 | 4.3.2 |