WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1868)

Description

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.

Remediation

References

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-4108)

WordPress 4.9.x Arbitrary File Deletion Vulnerability (4.9 - 4.9.6)

WordPress Plugin WordPress WP-Advanced-Search Cross-Site Request Forgery (3.3.8)

Nginx Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-3898)

Internet Information Services Uncontrolled Resource Consumption Vulnerability (CVE-2009-2521)

Severity

High

Classification

CVE-2010-1868 CWE-94

Tags

Missing Update Known Vulnerabilities