The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2010-05-07 23:00
Updated : 2024-02-04 17:54
NVD link : CVE-2010-1860
Mitre link : CVE-2010-1860
CVE.ORG link : CVE-2010-1860
JSON object : View
Products Affected
php
- php
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor