CVE-2010-4700

Name of the Vulnerable Software and Affected Versions PHP versions 5.3.2 through 5.3.3

Description The issue arises from the interaction between the set magic quotes runtime function and the mysqli fetch assoc function when the MySQLi extension is used. This might facilitate context-dependent attackers to conduct SQL injection attacks via crafted input that was properly handled in earlier PHP versions.

Recommendations For PHP versions 5.3.2 and 5.3.3, consider disabling the use of the set magic quotes runtime function when using the MySQLi extension as a temporary workaround until a patch is available. Restrict access to user input that is handled by the mysqli fetch assoc function to minimize the risk of exploitation.