Description
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
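An added illustration of the bug class described above, not code from the PHP source: the 2-byte header layout and all function names are assumptions made for this example. It shows how a remainder computed from the packet length goes negative, and the check that rejects it before the copy.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified error-packet layout (an assumption for this
 * example, not taken from the PHP source): a 2-byte error code followed
 * by the message text, which fills the rest of the packet. */
#define HDR_LEN 2

/* Signed remainder after the fixed header. A packet shorter than the
 * header yields a negative value; passed to memcpy() as size_t it would
 * become a huge unsigned count. */
long remaining_after_header(size_t packet_len)
{
    return (long)packet_len - (long)HDR_LEN;
}

/* Hardened copy: validates the computed length before using it.
 * Returns bytes copied (excluding NUL), or -1 for a malformed packet. */
long read_error_msg(const unsigned char *pkt, size_t pkt_len,
                    char *out, size_t out_size)
{
    long n;

    if (pkt == NULL || out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';

    n = remaining_after_header(pkt_len);
    if (n < 0)                      /* truncated packet: reject, do not copy */
        return -1;
    if ((size_t)n > out_size - 1)   /* clamp to destination, keep room for NUL */
        n = (long)(out_size - 1);

    memcpy(out, pkt + HDR_LEN, (size_t)n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample inputs. */
    const unsigned char ok[] = { 0x15, 0x04, 'd', 'e', 'n', 'i', 'e', 'd' };
    const unsigned char shortpkt[] = { 0x15 };
    char msg[4];

    long a = read_error_msg(ok, sizeof ok, msg, sizeof msg);   /* clamped */
    long b = read_error_msg(shortpkt, sizeof shortpkt, msg, sizeof msg);
    return (a == 3 && b == -1) ? 0 : 1;
}
```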
Remediation
References