Description

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

Remediation

References

CVE-2007-5898

Related Vulnerabilities

WordPress Plugin Sunshine Photo Cart Cross-Site Request Forgery (2.8.28)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0202)

WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Request Forgery (2.2.18)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9406)

e107 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16388)

Severity

Medium

Classification

CVE-2007-5898

Tags

Missing Update Known Vulnerabilities