WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2950)

Description

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2010-0852 Vulnerability (CVE-2010-0852)

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33511)

WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.8.2)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4969)

Oracle Application Server Other Vulnerability (CVE-2006-3708)

Severity

Medium

Classification

CVE-2010-2950 CWE-134

Tags

Missing Update Known Vulnerabilities