CVE-2008-2666

Name of the Vulnerable Software and Affected Versions PHP versions 5.2.6 and earlier

Description The issue allows context-dependent attackers to bypass safe mode restrictions. This can be achieved by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

Recommendations For PHP versions 5.2.6 and earlier, consider restricting access to the chdir and ftok functions as a temporary workaround until a patch is available. Additionally, avoid using ../ (dot dot slash) sequences in http URL arguments to minimize the risk of exploitation.