The host is installed with PHP and is prone to use-after-free vulnerability. A flaw is present in PHP before 5.3.4 which allows a NULL byte injection where anything after a null byte in a string is truncated. Successful exploitation allows an attacker to bypass intended access restrictions by placing a safe file extension after a NULL character.