Description

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Remediation

References

CVE-2007-4889

Related Vulnerabilities

Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)

MySQL Other Vulnerability (CVE-2002-1376)

PHP Other Vulnerability (CVE-2002-0229)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-2608)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.11)

Severity

Medium

Classification

CVE-2007-4889

Tags

Missing Update Known Vulnerabilities