Description
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Remediation
References
Related Vulnerabilities
WordPress Plugin Frontend File Manager Multiple Vulnerabilities (18.2)
WordPress Plugin Generate PDF using Contact Form 7 Cross-Site Scripting (3.5)
WordPress Plugin IMDb Profile Widget Local File Inclusion (1.0.8)
Oracle Database Server CVE-2006-3699 Vulnerability (CVE-2006-3699)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)