Php · Php · CVE-2009-5016
**Name of the Vulnerable Software and Affected Versions**
PHP versions prior to 5.2.11
**Description**
The issue is related to an integer overflow in the `xml utf8 decode` function, which can be exploited by remote attackers using a crafted string with overlong UTF-8 encoding. This allows attackers to bypass protection mechanisms against cross-site scripting (XSS) and SQL injection.
**Recommendations**
For PHP versions prior to 5.2.11, update to version 5.2.11 or later to resolve the issue. As a temporary workaround, consider restricting input to prevent the use of overlong UTF-8 encoding.