NVD

Id
15938  
Name
CVE-2010-4700  
Description
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2011-01-18  
Modified Date
2011-07-18  
Seq
2010-4700  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
90324 15938 CVE-2010-4700 http://bugs.php.net/52221  View
90325 15938 CVE-2010-4700 oval:org.mitre.oval:def:12620  View
90326 15938 CVE-2010-4700 http://www.php.net/ChangeLog-5.php  View
90327 15938 CVE-2010-4700 46056  View
90328 15938 CVE-2010-4700 php-setmagicquotesruntime-sql-injection(64964)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36973 JVNDB-2010-002753 PHP の set_magic_quotes_runtime 関数における SQL インジェクション攻撃を誘導される脆弱性 PHP の set_magic_quotes_runtime 関数は、MySQLi 拡張モジュールが使用されている際、mysqli_fetch_assoc 関数と適切に交信しないため、SQL インジェクション攻撃を誘導される脆弱性が存在します。 CVE-2010-4700 47280 CVE-2010-4700 15938 6.8 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002753.html 2010-07-01 2011-02-18 View