Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.2 / 5.2.13. Such versions are potentially affected by multiple vulnerabilities :
- A safe_mode validation issue inside 'tempnam()' when the directory path does not end with a '/'.
- A possible open_basedir/safe_mode bypass in the session extension.
Solution
Upgrade to PHP version 5.3.2 / 5.2.13 or later.