Description

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

Remediation

References

CVE-2010-4700

Related Vulnerabilities

TYPO3 Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-26229)

WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Cross-Site Scripting (19.6.24)

LimeSurvey CVE-2019-16180 Vulnerability (CVE-2019-16180)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0196)

WordPress Plugin Sign-up Sheets Cross-Site Scripting (1.0.13)

Severity

Medium

Classification

CVE-2010-4700 CWE-138

Tags

Missing Update Known Vulnerabilities