PT-2010-3486 · Php · Php

Published

2010-05-07

Updated

2016-08-23

CVE-2010-1860

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP versions 5.2 through 5.2.13 PHP versions 5.3 through 5.3.2

Description The issue allows context-dependent attackers to obtain sensitive information, such as memory contents, or trigger memory corruption. This is related to the html entity decode function and the call time pass by reference feature, which can be exploited by causing a userspace interruption of an internal call.

Recommendations For PHP versions 5.2 through 5.2.13, update to a version outside of this range to resolve the issue. For PHP versions 5.3 through 5.3.2, update to a version outside of this range to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-1860

Affected Products

Php

PT-2010-3486 · Php · Php

CVE-2010-1860

Weakness Enumeration

Related Identifiers

Affected Products

References · 6