CVE-2007-3997
CVE-2007-3997
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/4392unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/26642http://secunia.com/advisories/26822http://secunia.com/advisories/26838http://secunia.com/advisories/27102http://secunia.com/advisories/27377http://secunia.com/advisories/28318http://securityreason.com/securityalert/3102http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/https://exchange.xforce.ibmcloud.com/vulnerabilities/36384https://exchange.xforce.ibmcloud.com/vulnerabilities/39402https://issues.rpath.com/browse/RPL-1693https://issues.rpath.com/browse/RPL-1702