The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP prior to 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows malicious users to perform unauthorized actions, possibly related to the realpath cache.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |