CVE-2012-0831 Detail

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.

Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: N/A
NVD score not yet provided.

CVSS 2.0 Severity and Metrics:



NIST: NVD
Base Score: 6.8 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Evaluator Impact

As per: http://grokbase.com/t/php/php-internals/122ehfap93/about-cve-2012-0831-magic-quotes-gpc-remote-disable-vulnerability
Versions 5.3.10 and 5.3.11 are also vulnerable.

Weakness Enumeration

CWE-ID: CWE-20
CWE Name: Improper Input Validation
Source: NIST


Change History

4 change records found

CVE Modified by MITRE 1/17/2018 9:29:07 PM
Action: Added; Type: Reference; New Value: http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html [No Types Assigned]



CVE Modified by MITRE 1/08/2018 9:29:02 PM
Action: Added; Type: Reference; New Value: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html [No Types Assigned]



CVE Modified by MITRE 8/28/2017 9:31:03 PM
Action: Added; Type: Reference; New Value: https://exchange.xforce.ibmcloud.com/vulnerabilities/73125 [No Types Assigned]
Action: Removed; Type: Reference; Old Value: http://xforce.iss.net/xforce/xfdb/73125 [No Types Assigned]



Initial CVE Analysis 2/13/2012 9:34:00 AM

Quick Info

CVE Dictionary Entry: CVE-2012-0831
NVD Published Date: 02/10/2012
NVD Last Modified: 01/17/2018
Source: MITRE

