Описание
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.3.10-1ubuntu1 |
| hardy | released | 5.2.4-2ubuntu5.22 |
| lucid | released | 5.3.2-1ubuntu4.13 |
| maverick | released | 5.3.3-1ubuntu9.9 |
| natty | released | 5.3.5-1ubuntu7.6 |
| oneiric | released | 5.3.6-13ubuntu3.5 |
| upstream | released | 5.3.10 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
PHP before 5.3.10 does not properly perform a temporary change to the ...
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
ELSA-2013-0514: php security, bug fix and enhancement update (MODERATE)
EPSS
6.8 Medium
CVSS2