WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Input Validation Vulnerability (CVE-2012-0831)

Description

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.

Remediation

References

Related Vulnerabilities

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)

Python Improper Input Validation Vulnerability (CVE-2018-20852)

Apache HTTP Server Other Vulnerability (CVE-2002-2103)

Internet Information Services Other Vulnerability (CVE-2000-0770)

Moodle Improper Authentication Vulnerability (CVE-2011-4590)

Severity

Medium

Classification

CVE-2012-0831 CWE-20

Tags

Missing Update Known Vulnerabilities