6 matches found
SUSE CVE-2007-3997
The 1 MySQL and 2 MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safemode and openbasedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE...
PHP 5.3.2 <= 5.3.3 SQLi Vulnerability
PHP is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
CVE-2010-4700
The setmagicquotesruntime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqlifetchassoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly...
CVE-2010-4700
CVE-2010-4700 concerns PHP 5.3.2/5.3.3: when using the MySQLi extension, set_magic_quotes_runtime does not interact correctly with mysqli_fetch_assoc, potentially enabling context-dependent attackers to perform SQL injection with input that was previously sanitized in earlier PHP versions. Public...
GLSA-200603-22 : PHP: Format string and XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200603-22 PHP: Format string and XSS vulnerabilities Stefan Esser of the Hardened PHP project has reported a few vulnerabilities found in PHP: Input passed to the session ID in the session extension isn't properly sanitised before...
Multiple PHP extensions vulnerabilities
mysqli extension format string vulnerability, session extension session id HTTP response splitting...