Unrated severityNVD Advisory· Published Aug 31, 2006· Updated Jun 16, 2026

CVE-2006-4481

Description

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

PHP/PHP5 versions
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
- (no CPE)range: <5.1.5

Patches

Vulnerability mechanics

References

secunia.com/advisories/21546nvdPatchVendor Advisory
secunia.com/advisories/21768nvdPatchVendor Advisory
secunia.com/advisories/21842nvdPatchVendor Advisory
www.php.net/release_5_1_5.phpnvdPatch
secunia.com/advisories/22039nvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2006_52_php.htmlnvd
www.securityfocus.com/bid/19582nvd
www.ubuntu.com/usn/usn-342-1nvd
www.vupen.com/english/advisories/2006/3318nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000