Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2010-3062 - Vulnerability Database
PHP

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2010-3062

Medium
Reference: CVE-2010-3062
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-3062
Title: PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value which is not properly handled by the php_mysqlnd_ok_read function or (2) trigger a heap-based buffer overflow via a modified length value which is not properly handled by the php_mysqlnd_rset_header_read function.