PHP 'set_magic_quotes_runtime()' SQL Injection Vulnerability Network Vulnerability

Summary

This host is running PHP and is prone to SQL injection vulnerability.

Impact

Successful exploitation could allow local attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier versions. Impact Level: Application/Network

Solution

upgrade to PHP 5.3.5 or later For updates refer to http://www.php.net/downloads.php

Insight

The flaw is due to an error in 'set_magic_quotes_runtime()' when the MySQLi extension is used, which fails to properly interact with use of the 'mysqli_fetch_assoc()' function.

Affected

PHP version 5.3.2 to 5.3.3

References

http://bugs.php.net/52221
http://www.php.net/ChangeLog-5.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4700

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache Archiva Multiple Vulnerabilities
AlienForm CGI script
An Image Gallery Directory Traversal Vulnerability

Take action and discover your vulnerabilities