Lucene search

PRIOn knowledge basePRION:CVE-2010-4700

HistoryJan 18, 2011 - 8:00 p.m.

Sql injection

2011-01-1820:00:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.9%

JSON

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

CPENameOperatorVersion
phpeq5.3.3
phpeq5.3.2

CPE	Name	Operator	Version
	php	eq	5.3.3
	php	eq	5.3.2

References

bugs.php.net/52221

www.php.net/ChangeLog-5.php

www.securityfocus.com/bid/46056

exchange.xforce.ibmcloud.com/vulnerabilities/64964

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12620

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for PRION:CVE-2010-4700