CVE-2009-5016

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.11

Description The issue is related to an integer overflow in the xml utf8 decode function, which can be exploited by remote attackers using a crafted string with overlong UTF-8 encoding. This allows attackers to bypass protection mechanisms against cross-site scripting (XSS) and SQL injection.

Recommendations For PHP versions prior to 5.2.11, update to version 5.2.11 or later to resolve the issue. As a temporary workaround, consider restricting input to prevent the use of overlong UTF-8 encoding.