CVE-2006-3011

Name of the Vulnerable Software and Affected Versions PHP versions 4.4.2 through 4.4.3 PHP versions 5.1.4 and earlier

Description The issue allows local users to bypass safe mode and open basedir restrictions. This is due to an input validation error in the error log() function, specifically in the processing of the destination parameter. The vulnerability can be exploited via directory traversal attacks using the "php://" wrapper.

Recommendations For PHP versions 4.4.2 through 4.4.3, update to version 4.4.4 or later. For PHP versions 5.1.4 and earlier, update to version 5.1.5 or later. As a temporary workaround, consider restricting the use of the error log() function until a patch is available.