CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
21.1%
Race condition in the symlink function in PHP 5.1.6 and earlier allows
local users to bypass the open_basedir restriction by using a combination
of symlink, mkdir, and unlink functions to change the file path after the
open_basedir check and before the file is opened by the underlying system,
as demonstrated by symlinking a symlink into a subdirectory, to point to a
parent directory via … (dot dot) sequences, and then unlinking the
resulting symlink.