Description

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

Remediation

References

CVE-2007-3997

Related Vulnerabilities

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1810)

WordPress Plugin Email Users Cross-Site Scripting (4.8.2)

Java Unspesificed Vulnerability (CVE-2020-14798)

OpenSSL Other Vulnerability (CVE-2005-2969)

WordPress Plugin CardGate Payments for WooCommerce Security Bypass (3.1.15)

Severity

High

Classification

CVE-2007-3997 CWE-264

Tags

Missing Update Known Vulnerabilities