Description
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-0438 Vulnerability (CVE-2013-0438)
WordPress Plugin Weaver Show Posts Cross-Site Scripting (1.6)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.20)
Apache Tomcat Other Vulnerability (CVE-2010-3718)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3128)