CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS
Percentile: 75.2%

The utf8_decode function in PHP before 5.3.4 does not properly handle
non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data,
which makes it easier for remote attackers to bypass cross-site scripting
(XSS) and SQL injection protection mechanisms via a crafted string.