The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
Max CVSS
6.8
EPSS Score
0.18%
Published
2011-01-18
Updated
2017-09-19
1 vulnerabilities found