PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1171)
Description
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.