Lucene search

[email protected]CVE-2010-4700

HistoryJan 18, 2011 - 8:00 p.m.

CVE-2010-4700

2011-01-1820:00:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4700

php 5.3.2

php 5.3.3

set_magic_quotes_runtime

mysqli extension

mysqli_fetch_assoc

sql injection

nvd

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.0%

JSON

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

CPENameOperatorVersion
php:phpphpeq5.3.3
php:phpphpeq5.3.2

CPE	Name	Operator	Version
php:php	php	eq	5.3.3
php:php	php	eq	5.3.2

References

bugs.php.net/52221

www.php.net/ChangeLog-5.php

www.securityfocus.com/bid/46056

exchange.xforce.ibmcloud.com/vulnerabilities/64964

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12620

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for CVE-2010-4700

openvas6 prion1 ubuntucve1 nessus6 securityvulns1 gentoo1