CVE-2007-3997
Published: 4 September 2007
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Notes
Author | Note |
---|---|
kees | safe_mode/open_basedir not supported |
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.2.4)
|
dapper |
Ignored
|
|
edgy |
Ignored
|
|
feisty |
Ignored
|
|
gutsy |
Ignored
|
|
hardy |
Ignored
|
|
php4 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4.8)
|
dapper |
Ignored
|
|
edgy |
Ignored
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|