The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
References
Configurations
History
No history.
Information
Published : 2007-09-04 18:17
Updated : 2024-02-28 11:01
NVD link : CVE-2007-3997
Mitre link : CVE-2007-3997
CVE.ORG link : CVE-2007-3997
JSON object : View
Products Affected
php
- php
CWE
CWE-264
Permissions, Privileges, and Access Controls