Description

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Remediation

References

CVE-2007-4889

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1903)

Apache Tomcat version older than 6.0.36

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.7.01)

WordPress Plugin Custom Login Page Customizer-LoginPress Multiple Vulnerabilities (1.1.13)

WordPress Plugin WP eCommerce Cross-Site Scripting (3.9.2)

Severity

Medium

Classification

CVE-2007-4889

Tags

Missing Update Known Vulnerabilities