Michal Krause

**Name of the Vulnerable Software and Affected Versions** PHP versions 4.3.x **Description** The issue arises from the php check safe mode include dir function in fopen wrappers.c, which returns a success value when the safe mode include dir variable is not specified in the configuration. This behavior differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. **Recommendations** For PHP version 4.3.x, consider specifying the safe mode include dir variable in the configuration to prevent potential exploitation of file include vulnerabilities.