PHP 'chdir()' and 'ftok()' 'safe_mode' Multiple Security Bypass Vulnerabilities
PHP is prone to multiple 'safe_mode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible. Exploiting these issues allows attackers to obtain sensitive data that could be used in other attacks.

These vulnerabilities would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restriction is expected to isolate users from each other.

PHP 5.2.6 is vulnerable; other versions may also be affected.