Description

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.

Remediation

References

CVE-2006-1490

Related Vulnerabilities

WordPress Plugin WooCommerce-GloBee Payment Gateway Security Bypass (1.1.1)

WordPress Plugin WordPress Easy Custom Js And Css Cross-Site Scripting (1.1.2)

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

WordPress Plugin WP Dev Powers:ACF Color Coded Field Types Security Bypass (1.0)

PHP Other Vulnerability (CVE-2006-4433)

Severity

Medium

Classification

CVE-2006-1490

Tags

Missing Update Known Vulnerabilities