Description
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.