Description
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2007-1743)
Ruby Other Vulnerability (CVE-2016-2337)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9456)
Oracle JRE CVE-2012-1682 Vulnerability (CVE-2012-1682)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5204)