PHP : Security Vulnerabilities, CVEs, Published In February 2012 (Sql injection)
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
Max CVSS
6.8
EPSS Score
0.63%
Published
2012-02-10
Updated
2022-08-16
1 vulnerabilities found