Description

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Remediation

References

CVE-2010-2100

Related Vulnerabilities

ThirstyAffiliates Affiliate Link Manager Cross-Site Scripting (3.9.2)

Calendar by WD-Responsive Event Calendar for WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.3.0)

Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504)

eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)

PHP Out-of-bounds Write Vulnerability (CVE-2019-6977)

Severity

Medium

Classification

CVE-2010-2100 CWE-200

Tags

Missing Update Known Vulnerabilities