Description

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Remediation

References

CVE-2007-4889

Related Vulnerabilities

Apache httpd remote denial of service

Oracle Database Server CVE-2011-0835 Vulnerability (CVE-2011-0835)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-6832)

Drupal Improper Input Validation Vulnerability (CVE-2013-6389)

Drupal Improper Input Validation Vulnerability (CVE-2022-25271)

Severity

Medium

Classification

CVE-2007-4889

Tags

Missing Update Known Vulnerabilities