Red Hat Bugzilla – Bug 480169
CVE-2008-5844 php: change to the FILTER_UNSAFE_RAW in 5.2.7 breaks magic_quotes_gpc
Last modified: 2009-01-23 11:48:05 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5844 to the following vulnerability:
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality,
and unintentionally disables magic_quotes_gpc regardless of the actual
magic_quotes_gpc setting, which might make it easier for context-dependent
attackers to conduct SQL injection attacks and unspecified other attacks.
This issue is specific to PHP version 5.2.7. It was introduced in the following commit:
The issue was noticed shortly after 5.2.7 release and reverted in:
PHP 5.2.7 was replaced by fixed 5.2.8:
Affected PHP version was never shipped in any Red Hat product version or Fedora.