Description
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)
WordPress Plugin Stripe Payment for WooCommerce Cross-Site Scripting (3.5.9)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)
Drupal Core 8.x Security Bypass (8.0.0 - 8.1.2)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3810)