1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Candidate: CVE-2010-4700
PublicDate: 2011-01-18
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4700
Description:
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the
MySQLi extension is used, does not properly interact with use of the
mysqli_fetch_assoc function, which might make it easier for
context-dependent attackers to conduct SQL injection attacks via crafted
input that had been properly handled in earlier PHP versions.
Ubuntu-Description:
Notes:
mdeslaur> we use libmysqlclient, not mysqlnd, so not affected.
Bugs:
http://bugs.php.net/52221
Priority: medium
Discovered-by:
Assigned-to:
Patches_php5:
upstream_php5: released (5.3.4)
dapper_php5: not-affected
hardy_php5: not-affected
karmic_php5: not-affected
lucid_php5: not-affected
maverick_php5: not-affected
devel_php5: not-affected (5.3.5-1ubuntu1)
|