CVE-2012-0831
7.3 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.7%
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
References
lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html
lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
rhn.redhat.com/errata/RHSA-2013-1307.html
secunia.com/advisories/48668
secunia.com/advisories/55078
support.apple.com/kb/HT5501
svn.php.net/viewvc?view=revision&revision=323016
www.securityfocus.com/bid/51954
www.ubuntu.com/usn/USN-1358-1
exchange.xforce.ibmcloud.com/vulnerabilities/73125
launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz
Social References
More
Related
7.3 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.7%