• info
• discussion
• exploit
• solution
• references

PHP Multiple Functions Reference Parameter Information Disclosure Vulnerability

PHP is prone to an information-disclosure vulnerability due to a design error.

The vulnerability resides in various functions that accept parameters as references.

Successful exploits will allow attackers to obtain sensitive information. Information harvested may assist on further attacks.

PHP 4 through 4.4.6 and 5 through 5.2.1 are affected.