CVE-2010-4700

EUVD-2010-4665
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
phpphp
5.3.2
phpphp
5.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
dapper
not-affected
hardy
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
Common Weakness Enumeration
References
http://bugs.php.net/52221
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/46056
https://exchange.xforce.ibmcloud.com/vulnerabilities/64964
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12620
http://bugs.php.net/52221
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/46056
https://exchange.xforce.ibmcloud.com/vulnerabilities/64964
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12620