PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

info
discussion
exploit
solution
references

PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

PHP on Apache 2 is prone to a restriction-bypass vulnerability when calling 'virtual()'. Successful exploitation could lead to disclosure of sensitive information.

This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.