CVE-2005-3392

Name of the Vulnerable Software and Affected Versions PHP versions prior to 4.4.1

Description The issue allows remote attackers to bypass safe mode and open basedir directives, potentially leading to the disclosure of sensitive information and a loss of confidentiality. This is related to an unspecified flaw in the virtual() function when PHP is used as an Apache 2 module.

Recommendations For PHP versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the virtual() function until a patch is available. Restrict access to sensitive information and configuration directives to minimize the risk of exploitation.