CVE-2004-1392

Name of the Vulnerable Software and Affected Versions: PHP version 4.0

Description: The issue allows remote attackers to bypass the open basedir setting, potentially leading to a loss of confidentiality. This is triggered when cURL functions fail to comply with the open basedir directive, which is designed to restrict PHP scripts. Attackers may be able to read arbitrary files via a file: URL argument to the curl init() function.

Recommendations: For PHP version 4.0, consider disabling the curl init() function until a patch is available to prevent bypassing the open basedir setting. Restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.