CVE-2006-6383

Name of the Vulnerable Software and Affected Versions PHP versions 4.4 through 5.2.0

Description The issue allows local users to bypass safe mode and open basedir restrictions. This is achieved by providing a malicious path and a null byte before a ";" in a session save path argument, followed by an allowed path. The parsing inconsistency causes PHP to validate the allowed path but set session.save path to the malicious path.

Recommendations For PHP versions 4.4 through 5.2.0, consider updating to a version where this issue is resolved, as using a malicious path in the session save path argument can lead to security bypasses. At the moment, there is no information about a newer version that contains a fix for this vulnerability.