PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with PHP and is prone to security bypass vulnerability.

Impact

Successful exploitation could allow remote attackers to gain sensitive information via a crafted request. Impact Level: Application

Solution

Upgrade to PHP Version 5.3.10 or later, For updates refer to http://php.net/downloads.php

Insight

The flaw is due to an error in importing environment variables, it not properly performing a temporary change to the 'magic_quotes_gpc' directive during the importing of environment variables.

Affected

PHP Version 5.3.9 and prior on windows.

References

http://svn.php.net/viewvc?view=revision&revision=323016
http://www.securityfocus.com/bid/51954/info

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0831

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Windows)
Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)
Apple Mac OS X Authentication Bypass Vulnerability
Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)

Take action and discover your vulnerabilities