{ "document": { "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright © Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2007/cve-2007-4889.json" } ], "title": "php mysql extension safemode flaw", "tracking": { "current_release_date": "2025-11-21T13:18:54+00:00", "generator": { "date": "2025-11-21T13:18:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.12" } }, "id": "CVE-2007-4889", "initial_release_date": "2007-01-01T00:00:00+00:00", "revision_history": [ { "date": "2007-01-01T00:00:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-04-09T00:42:29+00:00", "number": "2", "summary": "Current version" }, { "date": "2025-11-21T13:18:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "product": { "name": "All currently supported Red Hat products", "product_id": "red_hat_products", "product_identification_helper": { "cpe": "cpe:/a:redhat" } } } ] }, "vulnerabilities": [ { "cve": "CVE-2007-4889", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "red_hat_products" ] } ], "notes": [ { "category": "description", "text": "The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.", "title": "Vulnerability description" }, { "category": "other", "text": "We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php", "title": "Statement" } ], "product_status": { "known_not_affected": [ "red_hat_products" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4889" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4889", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4889" } ], "title": "php mysql extension safemode flaw" } ] }