Test ID:	1.3.6.1.4.1.25623.1.0.802591
Category:	Web application abuses
Title:	PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability - Windows
Summary:	PHP is prone to a security bypass vulnerability.
Description:	Summary: PHP is prone to a security bypass vulnerability. Vulnerability Insight: The flaw is due to an error in importing environment variables, it not properly performing a temporary change to the 'magic_quotes_gpc' directive during the importing of environment variables. Vulnerability Impact: Successful exploitation could allow remote attackers to gain sensitive information via a crafted request. Affected Software/OS: PHP Version 5.3.9 and prior on Windows. Solution: Update to PHP Version 5.3.10 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0831 48668 http://secunia.com/advisories/48668 51954 http://www.securityfocus.com/bid/51954 55078 http://secunia.com/advisories/55078 APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html FEDORA-2012-6907 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html FEDORA-2012-6911 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html SUSE-SU-2012:0411 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html SUSE-SU-2012:0472 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html USN-1358-1 http://www.ubuntu.com/usn/USN-1358-1 http://support.apple.com/kb/HT5501 http://svn.php.net/viewvc?view=revision&revision=323016 https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz openSUSE-SU-2012:0426 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html php-magicquotesgpc-sec-bypass(73125) https://exchange.xforce.ibmcloud.com/vulnerabilities/73125
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.