Vulnerabilities

CVE-2010-3870

by Fred · 12/11/2010

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.

Date published : 2010-11-12

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://www.securityfocus.com/bid/44605

Similar

Tags: Cybersecurity Alert