No description provided by source.
Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to the implementation of "addcslashes()" function not being properly protected against function interruptions, which can be exploited to disclose potentially sensitive information. The vulnerability is reported in PHP 5.2.13 and 5.3.2. Other versions may also be affected. Solution Do not use the vulnerable function in an exploitable context. Provided and/or discovered by Stefan Esser Original Advisory http://php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html