Vulnerability & Exploit Database

Back to search

PHP Fixed MOPS-2010-24

Severity CVSS Published Added Modified
7 (AV:N/AC:M/Au:N/C:P/I:P/A:P) September 28, 2010 December 21, 2010 July 31, 2012

Description

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

php-upgrade-5_3_4

Related Vulnerabilities