Description

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Remediation

References

CVE-2007-4889

Related Vulnerabilities

LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-16174)

MySQL CVE-2016-3471 Vulnerability (CVE-2016-3471)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.3.10)

WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.23)

WordPress Plugin Elementor Website Builder Unspecified Vulnerability (3.0.15)

Severity

Medium

Classification

CVE-2007-4889

Tags

Missing Update Known Vulnerabilities