Description
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
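An overlong sequence decodes to an ordinary ASCII character while looking different at the byte level, which is why a strict decoder has to reject it instead of accepting the result. The following is an added example, not PHP's `xml_utf8_decode` code: the function names and the constructed sample bytes are assumptions. It shows the minimum-value check per sequence length and does not model the integer overflow itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum utf8_status { UTF8_OK = 0, UTF8_TRUNCATED, UTF8_BAD_BYTE, UTF8_OVERLONG, UTF8_RANGE };

/* Constructed samples: valid "a", U+00E9, "<"; then 2- and 3-byte overlong forms of "<". */
static const unsigned char sample_plain[]     = { 'a', 0xC3, 0xA9, '<' };
static const unsigned char sample_overlong2[] = { 'a', 0xC0, 0xBC };
static const unsigned char sample_overlong3[] = { 0xE0, 0x80, 0xBC };

/* Decode one code point from s[0..len); on success set *cp and the bytes consumed. */
static enum utf8_status utf8_decode_strict(const unsigned char *s, size_t len,
                                           uint32_t *cp, size_t *used)
{
    /* Smallest code point that legitimately needs an n-byte sequence. */
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;
    uint32_t c;
    if (len == 0) return UTF8_TRUNCATED;
    if (s[0] < 0x80)                { n = 1; c = s[0]; }
    else if ((s[0] & 0xE0) == 0xC0) { n = 2; c = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { n = 3; c = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { n = 4; c = s[0] & 0x07; }
    else return UTF8_BAD_BYTE;      /* stray continuation byte or 5/6-byte lead */
    if (n > len) return UTF8_TRUNCATED;
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return UTF8_BAD_BYTE;
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (c < min_cp[n]) return UTF8_OVERLONG;   /* shorter encoding exists: reject */
    if (c > 0x10FFFF || (c >= 0xD800 && c <= 0xDFFF)) return UTF8_RANGE;
    *cp = c; *used = n;
    return UTF8_OK;
}

/* Validate a buffer; *err_off is the offset of the first bad sequence, or len if none. */
static enum utf8_status utf8_validate(const unsigned char *s, size_t len, size_t *err_off)
{
    size_t off = 0, used = 0; uint32_t cp = 0; enum utf8_status st;
    for (; off < len; off += used)
        if ((st = utf8_decode_strict(s + off, len - off, &cp, &used)) != UTF8_OK) break;
    *err_off = off;
    return off < len ? st : UTF8_OK;
}

int main(void) {
    size_t off;
    int st = utf8_validate(sample_overlong2, sizeof sample_overlong2, &off);
    printf("status=%d offset=%zu\n", st, off);
    return 0;
}
```

Input filters that inspect bytes should run this kind of validation before matching, so that the text they check is the same text the decoder later produces.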