Описание
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php53 | Affected | ||
| Red Hat Enterprise Linux 4 | php | Fixed | RHSA-2010:0919 | 29.11.2010 |
| Red Hat Enterprise Linux 5 | php | Fixed | RHSA-2010:0919 | 29.11.2010 |
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2011:0195 | 03.02.2011 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
The utf8_decode function in PHP before 5.3.4 does not properly handle ...
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Уязвимость функции utf8_decode интерпретатора языка программирования PHP, позволяющая нарушителю провести XSS-атаки
EPSS
4.3 Medium
CVSS2