Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-4889
Last Modified: 05 Sep 2008 05:29:20
Published: 13 Sep 2007 09:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4889

Summary

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Vulnerable Systems

Application

  • PHP 5.2.4
  • PHP MySQL Extension


References

BUGTRAQ - 20070911 PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass

XF - php-multiple-functions-security-bypass(36555)

BUGTRAQ - 20070912 Re Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass

BUGTRAQ - 20070912 Re: PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass

SREASON - 3134


Last Updated: 27 May 2016 10:45:58