CVE-2007-3997
published 2007-09-04CVE-2007-3997: The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
13.82%
96.1th percentile
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.2.4 | — |
| php | php | >= 4.0.0 < 4.4.8 | 4.4.8 |
| php | php | >= 5.0.0 < 5.2.4 | 5.2.4 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-chpc-3cm4-f9gq: The MySQL extension in PHP 5
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-4889 [HIGH] GHSA-chpc-3cm4-f9gq: The MySQL extension in PHP 5
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
GHSA
GHSA-966w-852v-c3c4: The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4
ghsa_unreviewed·2022-05-01
CVE-2007-3997 [HIGH] GHSA-966w-852v-c3c4: The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Red Hat
php mysql extension safemode flaw
vendor_redhat·CVSS 7.5
CVE-2007-4889 [HIGH] php mysql extension safemode flaw
php mysql extension safemode flaw
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
Statement: We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php
Red Hat
php safe_mode bypass with MySQL INFILE LOCAL
vendor_redhat·CVSS 7.5
CVE-2007-3997 [HIGH] php safe_mode bypass with MySQL INFILE LOCAL
php safe_mode bypass with MySQL INFILE LOCAL
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Statement: We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php
No detection rules found.
http://secunia.com/advisories/26642http://secunia.com/advisories/26822http://secunia.com/advisories/26838http://secunia.com/advisories/27102http://secunia.com/advisories/27377http://secunia.com/advisories/28318http://securityreason.com/securityalert/3102http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/http://www.gentoo.org/security/en/glsa/glsa-200710-02.xmlhttp://www.php.net/ChangeLog-4.phphttp://www.php.net/ChangeLog-5.php#5.2.4http://www.php.net/releases/4_4_8.phphttp://www.php.net/releases/5_2_4.phphttp://www.trustix.org/errata/2007/0026/http://www.vupen.com/english/advisories/2007/3023http://www.vupen.com/english/advisories/2008/0059https://exchange.xforce.ibmcloud.com/vulnerabilities/36384https://exchange.xforce.ibmcloud.com/vulnerabilities/39402https://issues.rpath.com/browse/RPL-1693https://issues.rpath.com/browse/RPL-1702https://www.exploit-db.com/exploits/4392http://secunia.com/advisories/26642http://secunia.com/advisories/26822http://secunia.com/advisories/26838http://secunia.com/advisories/27102http://secunia.com/advisories/27377http://secunia.com/advisories/28318http://securityreason.com/securityalert/3102http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/http://www.gentoo.org/security/en/glsa/glsa-200710-02.xmlhttp://www.php.net/ChangeLog-4.phphttp://www.php.net/ChangeLog-5.php#5.2.4http://www.php.net/releases/4_4_8.phphttp://www.php.net/releases/5_2_4.phphttp://www.trustix.org/errata/2007/0026/http://www.vupen.com/english/advisories/2007/3023http://www.vupen.com/english/advisories/2008/0059https://exchange.xforce.ibmcloud.com/vulnerabilities/36384https://exchange.xforce.ibmcloud.com/vulnerabilities/39402https://issues.rpath.com/browse/RPL-1693https://issues.rpath.com/browse/RPL-1702https://www.exploit-db.com/exploits/4392
2007-09-04
Published