Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2010-4700 - Vulnerability Database
PHP

PHP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2010-4700

Medium
Reference: CVE-2010-4700
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-4700
Title: PHP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3 when the MySQLi extension is used does not properly interact with use of the mysqli_fetch_assoc function which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.