PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability Network Vulnerability

Summary

PHP is prone to a vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow attackers to provide unexpected input and possibly bypass input-validation protection mechanisms. This can aid in further attacks that may utilize crafted user-supplied input. Versions prior to PHP 5.3.4 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://bugs.php.net/bug.php?id=48230
http://bugs.php.net/bug.php?id=49687
http://comments.gmane.org/gmane.comp.security.oss.general/3684
http://svn.php.net/viewvc?view=revision&revision=304959
http://www.php.net/
https://www.securityfocus.com/bid/44605

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3870

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
Apple Safari Webkit Multiple Vulnerabilities - March 2011
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)

Take action and discover your vulnerabilities