Back to search
CVE-2012-0831
Published: Feb 10, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-1358-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2012:0411
vendor-advisory
x_refsource_SUSE
55078
third-party-advisory
x_refsource_SECUNIA
http://svn.php.net/viewvc?view=revision&revision=323016
x_refsource_CONFIRM
openSUSE-SU-2012:0426
vendor-advisory
x_refsource_SUSE
SUSE-SU-2012:0472
vendor-advisory
x_refsource_SUSE
48668
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2012-09-19-2
vendor-advisory
x_refsource_APPLE
RHSA-2013:1307
vendor-advisory
x_refsource_REDHAT
http://support.apple.com/kb/HT5501
x_refsource_CONFIRM
FEDORA-2012-6907
vendor-advisory
x_refsource_FEDORA
https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz
x_refsource_CONFIRM
php-magicquotesgpc-sec-bypass(73125)
vdb-entry
x_refsource_XF
51954
vdb-entry
x_refsource_BID
FEDORA-2012-6911
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now