QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-3870

Back to search

CVE-2010-3870

Published: Nov 12, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2011-0077
vdb-entry
x_refsource_VUPEN
FEDORA-2010-19011
vendor-advisory
x_refsource_FEDORA
42812
third-party-advisory
x_refsource_SECUNIA
HPSBOV02763
vendor-advisory
x_refsource_HP
RHSA-2011:0195
vendor-advisory
x_refsource_REDHAT
1024797
vdb-entry
x_refsource_SECTRACK
SUSE-SR:2010:023
vendor-advisory
x_refsource_SUSE
APPLE-SA-2011-03-21-1
vendor-advisory
x_refsource_APPLE
USN-1042-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2010:0919
vendor-advisory
x_refsource_REDHAT
ADV-2011-0021
vdb-entry
x_refsource_VUPEN
SSRT100826
vendor-advisory
x_refsource_HP
42410
third-party-advisory
x_refsource_SECUNIA
MDVSA-2010:224
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2010-18976
vendor-advisory
x_refsource_FEDORA
ADV-2011-0020
vdb-entry
x_refsource_VUPEN
44605
vdb-entry
x_refsource_BID
ADV-2010-3081
vdb-entry
x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now