CVE-2007-3997 - OpenCVE

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/26642
http://secunia.com/advisories/26822
http://secunia.com/advisories/26838
http://secunia.com/advisories/27102
http://secunia.com/advisories/27377
http://secunia.com/advisories/28318
http://securityreason.com/securityalert/3102
http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.php.net/ChangeLog-4.php
http://www.php.net/ChangeLog-5.php#5.2.4
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://www.trustix.org/errata/2007/0026/
http://www.vupen.com/english/advisories/2007/3023
http://www.vupen.com/english/advisories/2008/0059
https://exchange.xforce.ibmcloud.com/vulnerabilities/36384
https://exchange.xforce.ibmcloud.com/vulnerabilities/39402
https://issues.rpath.com/browse/RPL-1693
https://issues.rpath.com/browse/RPL-1702
https://www.exploit-db.com/exploits/4392

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-04T18:00:00

Updated: 2024-08-07T14:37:06.033Z

Reserved: 2007-07-25T00:00:00

Link: CVE-2007-3997

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-09-04T18:17:00.000

Modified: 2018-10-26T13:59:38.397

Link: CVE-2007-3997

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "php-localinfile-mysql-security-bypass(39402)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39402"}, {"name": "26822", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26822"}, {"name": "ADV-2008-0059", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0059"}, {"name": "GLSA-200710-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/releases/4_4_8.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-5.php#5.2.4"}, {"name": "2007-0026", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0026/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1693"}, {"name": "3102", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3102"}, {"tags": ["x_refsource_MISC"], "url": "http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1702"}, {"name": "26838", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26838"}, {"name": "php-local-infile-security-bypass(36384)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36384"}, {"name": "27377", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27377"}, {"name": "4392", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4392"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-4.php"}, {"name": "27102", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27102"}, {"name": "ADV-2007-3023", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3023"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/releases/5_2_4.php"}, {"name": "28318", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28318"}, {"name": "26642", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26642"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3997", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "php-localinfile-mysql-security-bypass(39402)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39402"}, {"name": "26822", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26822"}, {"name": "ADV-2008-0059", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0059"}, {"name": "GLSA-200710-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "http://www.php.net/releases/4_4_8.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/4_4_8.php"}, {"name": "http://www.php.net/ChangeLog-5.php#5.2.4", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php#5.2.4"}, {"name": "2007-0026", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0026/"}, {"name": "https://issues.rpath.com/browse/RPL-1693", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1693"}, {"name": "3102", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3102"}, {"name": "http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/", "refsource": "MISC", "url": "http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/"}, {"name": "https://issues.rpath.com/browse/RPL-1702", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1702"}, {"name": "26838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26838"}, {"name": "php-local-infile-security-bypass(36384)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36384"}, {"name": "27377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27377"}, {"name": "4392", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4392"}, {"name": "http://www.php.net/ChangeLog-4.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-4.php"}, {"name": "27102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27102"}, {"name": "ADV-2007-3023", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3023"}, {"name": "http://www.php.net/releases/5_2_4.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/5_2_4.php"}, {"name": "28318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28318"}, {"name": "26642", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26642"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:37:06.033Z"}, "title": "CVE Program Container", "references": [{"name": "php-localinfile-mysql-security-bypass(39402)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39402"}, {"name": "26822", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26822"}, {"name": "ADV-2008-0059", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0059"}, {"name": "GLSA-200710-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/releases/4_4_8.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/ChangeLog-5.php#5.2.4"}, {"name": "2007-0026", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0026/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1693"}, {"name": "3102", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3102"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1702"}, {"name": "26838", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26838"}, {"name": "php-local-infile-security-bypass(36384)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36384"}, {"name": "27377", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27377"}, {"name": "4392", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4392"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/ChangeLog-4.php"}, {"name": "27102", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27102"}, {"name": "ADV-2007-3023", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3023"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/releases/5_2_4.php"}, {"name": "28318", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28318"}, {"name": "26642", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26642"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3997", "datePublished": "2007-09-04T18:00:00", "dateReserved": "2007-07-25T00:00:00", "dateUpdated": "2024-08-07T14:37:06.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6C219FD-2507-491C-B38F-777D1A626FEC", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "EABE00F5-DB5A-480D-8D77-73C04DBAB2A0", "versionEndExcluding": "5.2.4", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE."}, {"lang": "es", "value": "Las extensiones (1) MySQL y (2) MySQLi en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos evitar las restricciones safe_mode y open_basedir a trav\u00e9s de operaciones MySQL LOCAL INFILE, como se demostr\u00f3 con un consulta con LOAD DATA LOCAL INFILE."}], "id": "CVE-2007-3997", "lastModified": "2018-10-26T13:59:38.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-04T18:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/26642"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/26822"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/26838"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/27102"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/27377"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/28318"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://securityreason.com/securityalert/3102"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.php.net/ChangeLog-4.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.php.net/ChangeLog-5.php#5.2.4"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.php.net/releases/4_4_8.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.php.net/releases/5_2_4.php"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.trustix.org/errata/2007/0026/"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3023"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0059"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36384"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39402"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1693"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1702"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/4392"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Due to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group\u2019s stance on these features, Mandriva does not consider this a security issue.", "lastModified": "2007-09-18T00:00:00", "organization": "Mandriva"}, {"comment": "We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1\nand http://www.php.net/security-note.php\n", "lastModified": "2007-09-05T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}