Description
The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
Remediation
References
Related Vulnerabilities
WordPress Plugin QR Redirector Cross-Site Scripting (1.6)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0790)
WordPress Plugin Wise Agent Lead Capture Forms Cross-Site Scripting (1.0)
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.9)
WordPress Plugin WP-Curriculo Vitae Free Arbitrary File Upload (6.3)