Description

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Remediation

References

CVE-2007-4889

Related Vulnerabilities

MySQL CVE-2021-2193 Vulnerability (CVE-2021-2193)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9188)

WordPress Plugin Advanced Custom Fields (ACF) Multiple Security Bypass Vulnerabilities (5.10.2)

WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery (0.9.5.1)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36100)

Severity

Medium

Classification

CVE-2007-4889

Tags

Missing Update Known Vulnerabilities