CVE-2010-4700
PHP 5.3.2-5.3.3 - SQL Injection via set_magic_quotes_runtime and mysqli_fetch_assoc Interaction
Title source: llmDescription
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12620
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46056
Various Sources x_refsource_confirm
http://bugs.php.net/52221
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64964
Scores
EPSS
0.0020
EPSS Percentile
42.1%
Details
CWE
CWE-89
Status
published
Products (2)
php/php
5.3.2
php/php
5.3.3
Published
Jan 18, 2011
Tracked Since
Feb 18, 2026