Description
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
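To illustrate the overlong encoding mentioned above, the following strict UTF-8 check is an added example, not PHP's code and not the upstream fix. It rejects any sequence whose value would fit in fewer bytes, so a filter running after it never sees an ASCII metacharacter hidden in a multi-byte form. The function name, result codes and table are this example's own.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes (names are this example's own, not from PHP). */
enum { UTF8_OK = 0, UTF8_BAD_LEAD = -1, UTF8_TRUNCATED = -2,
       UTF8_BAD_CONT = -3, UTF8_OVERLONG = -4, UTF8_BAD_RANGE = -5 };

/* Smallest code point that legitimately needs n bytes (index = n). */
static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };

/* Validate buf[0..len) as strict UTF-8. Returns UTF8_OK or the first error;
   *err_off (if non-NULL) receives the offset of the offending sequence. */
int utf8_strict_check(const unsigned char *buf, size_t len, size_t *err_off)
{
    size_t i = 0;
    while (i < len) {
        unsigned char b = buf[i];
        size_t n;
        uint32_t cp;
        int rc = UTF8_OK;

        if (b < 0x80)                { n = 1; cp = b; }
        else if ((b & 0xE0) == 0xC0) { n = 2; cp = b & 0x1F; }
        else if ((b & 0xF0) == 0xE0) { n = 3; cp = b & 0x0F; }
        else if ((b & 0xF8) == 0xF0) { n = 4; cp = b & 0x07; }
        else                         { n = 0; cp = 0; rc = UTF8_BAD_LEAD; }

        if (rc == UTF8_OK && n > len - i)
            rc = UTF8_TRUNCATED;
        for (size_t k = 1; rc == UTF8_OK && k < n; k++) {
            if ((buf[i + k] & 0xC0) != 0x80) rc = UTF8_BAD_CONT;
            else cp = (cp << 6) | (buf[i + k] & 0x3F);
        }
        /* Overlong: the decoded value would have fit in a shorter sequence. */
        if (rc == UTF8_OK && n > 1 && cp < min_cp[n])
            rc = UTF8_OVERLONG;
        /* Beyond Unicode's range, or a UTF-16 surrogate half. */
        if (rc == UTF8_OK && (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)))
            rc = UTF8_BAD_RANGE;
        if (rc != UTF8_OK) {
            if (err_off) *err_off = i;
            return rc;
        }
        i += n;
    }
    return UTF8_OK;
}
```

Run the check on raw input before any XSS or SQL filtering and before decoding, and reject the request on any non-zero result rather than trying to repair the bytes.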
Remediation
References