Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5844 to the following vulnerability: PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks. References: http://bugs.php.net/bug.php?id=42718 http://securitytracker.com/alerts/2008/Dec/1021393.html http://www.php.net/releases/5_2_8.php http://www.php.net/ChangeLog-5.php#5.2.8
This issue is specific to PHP version 5.2.7. It was introduced in the following commit: http://cvs.php.net/viewvc.cgi/php-src/ext/filter/filter.c?r1=1.52.2.42&r2=1.52.2.43 The issue was noticed shortly after 5.2.7 release and reverted in: http://cvs.php.net/viewvc.cgi/php-src/ext/filter/filter.c?r1=1.52.2.43&r2=1.52.2.44 PHP 5.2.7 was replaced by fixed 5.2.8: http://www.php.net/archive/2008.php#id2008-12-07-1 http://www.php.net/archive/2008.php#id2008-12-08-1 Affected PHP version was never shipped in any Red Hat product version or Fedora.