Description

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Remediation

References

CVE-2010-2100

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11809)

Ruby Improper Authentication Vulnerability (CVE-2007-5162)

WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (5.0.12)

MySQL CVE-2018-2786 Vulnerability (CVE-2018-2786)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14475)

Severity

Medium

Classification

CVE-2010-2100 CWE-200

Tags

Missing Update Known Vulnerabilities