Description

The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Remediation

References

CVE-2010-2190

Related Vulnerabilities

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)

Moodle Other Vulnerability (CVE-2015-3175)

WordPress Plugin Newsletter-Send awesome emails from WordPress Unspecified Vulnerability (4.1.1)

WeBid Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000882)

WordPress Plugin Integration for Contact Form 7 and Zoho Cross-Site Scripting (1.1.7)

Severity

Medium

Classification

CVE-2010-2190 CWE-200

Tags

Missing Update Known Vulnerabilities