Description

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

Remediation

References

CVE-2010-4700

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-3011)

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.9.24)

WordPress Plugin YITH Desktop Notifications for WooCommerce Security Bypass (1.2.7)

Python Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9948)

WordPress Plugin Booking Calendar Local File Inclusion (7.0)

Severity

Medium

Classification

CVE-2010-4700 CWE-138

Tags

Missing Update Known Vulnerabilities