CVE Reference: CVE-2007-3997

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-3997

Description:
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/36384
  http://xforce.iss.net/xforce/xfdb/39402

TRUSTIX
  http://www.trustix.org/errata/2007/0026/

SREASON
  http://securityreason.com/securityalert/3102

SAID
  Secunia Advisory: SA28318
  Secunia Advisory: SA27102
  Secunia Advisory: SA27377
  Secunia Advisory: SA26822
  Secunia Advisory: SA26838
  Secunia Advisory: SA26642

MISC
  http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/

MILW0RM
  http://www.milw0rm.com/exploits/4392

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

CONFIRM
  http://www.php.net/ChangeLog-4.php
  http://www.php.net/releases/4_4_8.php
  http://www.php.net/ChangeLog-5.php#5.2.4
  http://www.php.net/releases/5_2_4.php


Return to the previous page.