Summary
This host is running PHP and is prone to an SQL injection vulnerability.
Impact
Successful exploitation could allow local attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier versions.
Impact Level: Application/Network
Solution
Upgrade to PHP 5.3.5 or later.
For updates, refer to http://www.php.net/downloads.php
Insight
The flaw is due to an error in 'set_magic_quotes_runtime()' when the MySQLi extension is used: the function fails to interact properly with the 'mysqli_fetch_assoc()' function.
Affected
PHP versions 5.3.2 to 5.3.3
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-4700
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P