The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php | Php | 4.0.0 (including) | 4.4.8 (excluding) |
Php | Php | 5.0.0 (including) | 5.2.4 (excluding) |