PHP "addcslashes()" Information Disclosure Vulnerability

2010-05-05T00:00:00
ID SSV:19554
Type seebug
Reporter Root
Modified 2010-05-05T00:00:00

Description

No description provided by source.

                                        
                                            
                                                Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to the implementation of "addcslashes()" function not being properly protected against function interruptions, which can be exploited to disclose potentially sensitive information.

The vulnerability is reported in PHP 5.2.13 and 5.3.2. Other versions may also be affected.

Solution
Do not use the vulnerable function in an exploitable context.

Provided and/or discovered by
Stefan Esser

Original Advisory
http://php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html