{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2007-3997", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "4392", "refsource" : "EXPLOIT-DB", "url" : "https://www.exploit-db.com/exploits/4392" }, { "name" : "http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/", "refsource" : "MISC", "url" : "http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/" }, { "name" : "http://www.php.net/ChangeLog-5.php#5.2.4", "refsource" : "CONFIRM", "url" : "http://www.php.net/ChangeLog-5.php#5.2.4" }, { "name" : "http://www.php.net/releases/5_2_4.php", "refsource" : "CONFIRM", "url" : "http://www.php.net/releases/5_2_4.php" }, { "name" : "https://issues.rpath.com/browse/RPL-1702", "refsource" : "CONFIRM", "url" : "https://issues.rpath.com/browse/RPL-1702" }, { "name" : "https://issues.rpath.com/browse/RPL-1693", "refsource" : "CONFIRM", "url" : "https://issues.rpath.com/browse/RPL-1693" }, { "name" : "http://www.php.net/ChangeLog-4.php", "refsource" : "CONFIRM", "url" : "http://www.php.net/ChangeLog-4.php" }, { "name" : "http://www.php.net/releases/4_4_8.php", "refsource" : "CONFIRM", "url" : "http://www.php.net/releases/4_4_8.php" }, { "name" : "GLSA-200710-02", "refsource" : "GENTOO", "url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" }, { "name" : "2007-0026", "refsource" : "TRUSTIX", "url" : "http://www.trustix.org/errata/2007/0026/" }, { "name" : "ADV-2007-3023", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2007/3023" }, { "name" : "26642", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/26642" }, { "name" : "26822", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/26822" }, { "name" : "26838", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/26838" }, { "name" : "27377", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/27377" }, { "name" : "27102", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/27102" }, { "name" : "28318", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/28318" }, { "name" : "3102", "refsource" : "SREASON", "url" : "http://securityreason.com/securityalert/3102" }, { "name" : "ADV-2008-0059", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2008/0059" }, { "name" : "php-local-infile-security-bypass(36384)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36384" }, { "name" : "php-localinfile-mysql-security-bypass(39402)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39402" } ] } }