Description
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
Remediation
References
Related Vulnerabilities
MySQL CVE-2011-2262 Vulnerability (CVE-2011-2262)
WordPress Plugin Gravity Upload Ajax Arbitrary File Upload (1.1)
Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-3981)
WordPress Plugin Highlight Search Terms Cross-Site Scripting (1.3)