Frame

Name of the Vulnerable Software and Affected Versions: PHP version 4.0 Description: The issue allows remote attackers to bypass the open basedir setting, potentially leading to a loss of confidentiality. This is triggered when cURL functions fail to comply with the open basedir directive, which is designed to restrict PHP scripts. Attackers may be able to read arbitrary files via a file: URL argument to the `curl init()` function. Recommendations: For PHP version 4.0, consider disabling the `curl init()` function until a patch is available to prevent bypassing the open basedir setting. Restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PhpDig versions 1.6.5 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `relative script path` parameter to reference a URL on a remote web server that contains the code. This can be done through the config.php file. **Recommendations** For PhpDig versions 1.6.5 and earlier, as a temporary workaround, consider restricting access to the config.php file and avoid using the `relative script path` parameter to reference external URLs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.