The zip:// URL Wrapper defined by the PECL zip extension shipped with PHP 5.2.x does not perform any safemode or open_basedir checks and therefore allows access to archives outside the basedir or safemode restrictions.
Affected versions: PHP <= 5.2.1
No details needed
Proof of concept, exploit or instructions to reproduce
To test this vulnerability just activate safemode or open_basedir in your configuration and try to access an archive outside the allowed area through the zip:// URL Wrapper.
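The reproduction steps above can be turned into a regression check for your own build. The script below is an added example, not part of the original advisory. It assumes the zip extension is loaded, that no open_basedir is already configured, and PHP 5.3 or later, where open_basedir may be tightened at runtime with ini_set(); on 5.2.x set the directive in php.ini instead. The function name and the temporary directory layout are constructed for illustration.

```php
<?php
// Added regression check: does the zip:// wrapper honour open_basedir?
// Hypothetical helper name; run from the CLI on a test host.
function zip_wrapper_respects_basedir()
{
    // Constructed layout: <tmp>/zipcheck_*/allowed/ is the basedir,
    // the archive is placed one level above it, outside the allowed area.
    $root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'zipcheck_' . uniqid();
    if (!mkdir($root . DIRECTORY_SEPARATOR . 'allowed', 0700, true)) {
        throw new RuntimeException("cannot create test directory under $root");
    }
    // Resolve symlinks first, because open_basedir compares real paths.
    $root    = realpath($root);
    $allowed = $root . DIRECTORY_SEPARATOR . 'allowed' . DIRECTORY_SEPARATOR;
    $archive = $root . DIRECTORY_SEPARATOR . 'outside.zip';

    $zip = new ZipArchive();
    if ($zip->open($archive, ZipArchive::CREATE) !== true) {
        throw new RuntimeException("cannot create $archive");
    }
    $zip->addFromString('marker.txt', 'constructed marker');
    $zip->close();

    // From here on, file access should be confined to $allowed.
    if (ini_set('open_basedir', $allowed) === false) {
        throw new RuntimeException('open_basedir could not be set at runtime');
    }

    // Control: a plain read of the archive must be refused.
    $direct = @file_get_contents($archive);
    // Probe: the same archive reached through the zip:// wrapper.
    $viaZip = @file_get_contents('zip://' . $archive . '#marker.txt');

    return array(
        'direct_blocked' => ($direct === false),
        'zip_blocked'    => ($viaZip === false),
        // open_basedir now prevents cleanup; remove this directory by hand.
        'leftover_dir'   => $root,
    );
}

var_export(zip_wrapper_respects_basedir());
echo PHP_EOL;
```

If `direct_blocked` is true while `zip_blocked` is false, the wrapper is bypassing the restriction as described in this advisory.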
Safemode and open_basedir are flawed by design and will always have security holes like this one (or all the local exploits we demonstrated). The security of your server setup should therefore NEVER rely on these directives.