Advisory: security controls configured in php.ini could be bypassed on Linux

Posted by Imre Rad on May 20″PHP is a popular general-purpose scripting language that is
especially suited to web development."

PHP has deployed several features over the years that are prone to
incorrect architectural decisions (safe mode
https://www.php.net/manual/en/features.safe-mode.php or open_basedir
http://news.php.net/php.internals/105606), to have unexpected security
implications (register globals
https://www.php.net/manual/en/security.globals.php), or…

Link: https://seclists.org/bugtraq/2019/May/52