History: Jan 18, 2011 - 8:00 p.m.

CVE-2010-4700

2011-01-18 20:00:10
CWE-89
mitre
web.nvd.nist.gov
67
cve-2010-4700
php 5.3.2
php 5.3.3
set_magic_quotes_runtime
mysqli extension
mysqli_fetch_assoc
sql injection
nvd

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 9.6
Confidence: High

EPSS: 0.002
Percentile: 54.8%

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

Affected configurations

Nvd
Node
php php Match 5.3.2
OR
php php Match 5.3.3

Vendor  Product  Version  CPE
php     php      5.3.2    cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
php     php      5.3.3    cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
