CVE-2012-0831

Exploit

EPSS 10.63%
Published 10.02.2012 20:55:02
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version <= 5.3.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.63%	0.93

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2013-1307.html

Third Party Advisory

http://secunia.com/advisories/55078

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/48668

Third Party Advisory

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Third Party Advisory

Mailing List