Description

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

Remediation

References

CVE-2010-4700

Related Vulnerabilities

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (2.9.15)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.7.01)

WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)

Oracle Database Server CVE-2010-0901 Vulnerability (CVE-2010-0901)

WebLogic CVE-2021-2397 Vulnerability (CVE-2021-2397)

Severity

Medium

Classification

CVE-2010-4700 CWE-138

Tags

Missing Update Known Vulnerabilities