PHP Html_Entity_Decode() Information Disclosure Vulnerability

PHP Html_Entity_Decode() Information Disclosure Vulnerability

PHP 'html_entity_decode()' function is prone to an information-disclosure vulnerability. This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's result to an attacker.

Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.

PHP versions prior to 5.1.3-RC1 are vulnerable to this issue.