Vulnerability Details : CVE-2008-5844
Potential exploit
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks.
Vulnerability category: Sql Injection
Products affected by CVE-2008-5844
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
Threat overview for CVE-2008-5844
Top countries where our scanners detected CVE-2008-5844
Top open port discovered on systems with this issue
80
IPs affected by CVE-2008-5844 15
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2008-5844!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-5844
0.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5844
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2008-5844
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-5844
-
Red Hat 2009-01-23Not vulnerable. This issue did not affect the versions of the php package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and with Red Hat Application Stack v1 and v2. Only PHP version 5.2.7 was affected by this flaw.
References for CVE-2008-5844
-
http://bugs.php.net/bug.php?id=46759
-
http://www.php.net/archive/2008.php#id2008-12-07-1
-
http://www.securitytracker.com/id?1021393
-
http://www.php.net/archive/2008.php#id2008-12-08-1
-
http://bugs.php.net/bug.php?id=42718
Exploit
-
http://www.php.net/ChangeLog-5.php#5.2.8
-
http://www.securityfocus.com/bid/32673
Jump to