CWE-16
OWASP 2013-A5
OWASP 2017-A6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

PHP magic_quotes_gpc Is Disabled

Severity:
Medium
Summary

Invicti detected that the magic_quotes_gpc Is disabled. The magic quotes option is designed to safeguard developers against SQL injection attacks. It executes addslashes() on all information received over GET, POST or COOKIE.

Impact

When magic_quotes_gpc is disabled, that makes it easier for an attacker to perform SQL injection attacks.

Remediation
Required Skills for Successful Exploitation
Actions To Take

To enable magic_quotes_gpc, you can set it to 'on' in the php.ini or .htaccess file.

  • php.ini:magic_quotes_gpc = 'on'
  • .htaccess:php_flag magic_quotes_gpc on
Classifications
CWE-16
OWASP 2013-A5
OWASP 2017-A6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Index

You can search and find all vulnerabilities

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Related Vulnerabilities

Featured resources

No items found.
No items found.
View all resources

Build your resistance to threats. And save hundreds of hours each month.

Get a Demo