Описание
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 5.1.2-1ubuntu3.20 |
| devel | not-affected | 5.3.5-1ubuntu1 |
| hardy | released | 5.2.4-2ubuntu5.13 |
| karmic | released | 5.2.10.dfsg.1-2ubuntu6.6 |
| lucid | released | 5.3.2-1ubuntu4.6 |
| maverick | released | 5.3.3-1ubuntu9.2 |
| upstream | released | 5.3.4 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
The utf8_decode function in PHP before 5.3.4 does not properly handle ...
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Уязвимость функции utf8_decode интерпретатора языка программирования PHP, позволяющая нарушителю провести XSS-атаки
EPSS
6.8 Medium
CVSS2