Description

This alert was generated using only banner information. It may be a false positive.

The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini

Affected PHP versions (5.2.7).

Remediation

Upgrade PHP to the latest version.

References

PHP 5.2.8 Release Announcement

PHP Homepage

Related Vulnerabilities

Drupal Core 8.8.x Cross-Site Scripting (8.8.0 - 8.8.3)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4866)

MySQL CVE-2019-2739 Vulnerability (CVE-2019-2739)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5105)

WebLogic Observable Discrepancy Vulnerability (CVE-2019-3739)

Severity

High

Classification

CVE-2008-2371 CVE-2008-2665 CVE-2008-2666 CVE-2008-2829 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660 CWE-1104 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update