Description

The magic quotes option is designed to safeguard developers against SQL injection attacks. It executes addslashes() on all information received over GET, POST or COOKIE. This protection is not perfect and it's better to validate input from your own scripts. Still, it is recommended to enable magic_quotes_gpc as an extra layer of security.

Remediation

You can enable magic_quotes_gpc from php.ini or .htaccess.

php.ini
magic_quotes_gpc = 'on'

.htaccess
php_flag magic_quotes_gpc on

Related Vulnerabilities

TRACK method is enabled

Yii debug mode enabled

Axis development mode enabled in WEB-INF/server-config.wsdd

PHP allow_url_fopen Is Enabled

Insecure Transportation Security Protocol Supported (SSLv3)

Severity

High

Classification

CWE-150 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration