PHP Improper Input Validation Vulnerability - CVE-2006-7243

PHP before 5.3.4 accepts the 0 character in a pathname which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character as demonstrated by .php0.jpg at the end of the argument to the file_exists function.