PHP PHP_INI_SYSTEM Ineffective Controls
Posted on 22 May 2019
Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.