CVE-2012-0831

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-02-2012 09:55

Last modified: - 16-08-2022 03:31

Total changes: - 2

Description

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

Reference

http://svn.php.net/viewvc?view=revision&revision=323016
51954-Patch, Third Party Advisory, VDB Entry
USN-1358-1-Patch, Third Party Advisory
https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz
48668-Third Party Advisory
openSUSE-SU-2012:0426-Mailing List, Third Party Advisory
FEDORA-2012-6911-Mailing List, Third Party Advisory
FEDORA-2012-6907-Mailing List, Third Party Advisory
APPLE-SA-2012-09-19-2-Mailing List, Third Party Advisory
http://support.apple.com/kb/HT5501
RHSA-2013:1307-Third Party Advisory
55078-Third Party Advisory
php-magicquotesgpc-sec-bypass(73125)-Third Party Advisory, VDB Entry
SUSE-SU-2012:0411-Mailing List, Third Party Advisory
SUSE-SU-2012:0472-Mailing List, Third Party Advisory

Keywords

CVE-2012-0831

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-0831

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures