Description

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

Remediation

References

CVE-2007-5898

Related Vulnerabilities

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Directory Traversal (5.1.4)

WordPress Plugin bbPress Cross-Site Scripting (2.5.8)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Directory Traversal (2.4.19)

WordPress Plugin Product Slider for WooCommerce Cross-Site Scripting (2.6.3)

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-14234)

Severity

Medium

Classification

CVE-2007-5898

Tags

Missing Update Known Vulnerabilities