PHP 5.x < 5.2.8 magic_quotes_gpc Security Bypass
High Nessus Network Monitor Plugin ID 4784
SynopsisThe remote web server uses a version of PHP that is affected by a security bypass weakness.
DescriptionAccording to its banner, the version of PHP installed on the remote host is 5.2.7. This version introduced a regression with regard to 'magic_quotes' functionality due to an incorrect fix to the filter extension. As a result, the 'magic_quotes_gpc' setting remains off even if it is set to on.
SolutionUpgrade to version 5.2.8 or higher.