Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Mar 28 2006 06:24PM
Stefan Esser (sesser php net)
just to stop this:
The bug is a binary safety issue in html_entity_decode. A function that
is not usually used on user input, because user input is usually not
expected in HTML format and then decoded. Even if the function is used
on user input it can only leak memory to a potential attacke...
Copyright 2010, SecurityFocus