Description

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

Remediation

References

CVE-2007-3997

Related Vulnerabilities

WordPress Plugin Advanced Woo Search Unspecified Vulnerability (1.69)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2019-10079)

MyBB Other Vulnerability (CVE-2007-0622)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5502)

Oracle HTTP Server CVE-2021-35666 Vulnerability (CVE-2021-35666)

Severity

High

Classification

CVE-2007-3997 CWE-264

Tags

Missing Update Known Vulnerabilities