PHP magic_quotes_gpc Is Disabled

Summary#

Invicti detected that the magic_quotes_gpc Is disabled. The magic quotes option is designed to safeguard developers against SQL injection attacks. It executes addslashes() on all information received over GET, POST or COOKIE.

Impact#

When magic_quotes_gpc is disabled, that makes it easier for an attacker to perform SQL injection attacks.

Actions To Take#

To enable magic_quotes_gpc, you can set it to 'on' in the php.ini or .htaccess file.

php.ini:
```
magic_quotes_gpc = 'on'
```
.htaccess:
```
php_flag magic_quotes_gpc on
```

Classifications#

OWASP 2017-A6, CWE-16, OWASP 2013-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N