The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
Base Score: 6.8
Impact Score: 6.4
Exploitability Score: 8.6
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.2.4 (inclusive)
View all (1 total)