David Sveningsson

**Name of the Vulnerable Software and Affected Versions** PHP Toolkit versions prior to 1.0.1 **Description** The issue is related to an interpretation conflict in the PHP Toolkit that could allow local users to cause a denial of service and read the contents of PHP scripts. This is achieved by creating a file with a one-letter lowercase alphabetic name, which triggers the interpretation of a certain unquoted `[a-z]` argument as a matching shell glob for this name, rather than as the literal `[a-z]` regular-expression string. As a result, the launch of the PHP interpreter within the Apache HTTP Server is blocked. **Recommendations** For PHP Toolkit versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.