vendor: PHP
by: Stefan Esser
CVSS: 5.5 (MEDIUM)
Information Leak
CWE: 200
Product Name: PHP
Affected Version From: PHP 5
Affected Version To: PHP 5
Patch Exists: NO
Related CWE:
CPE: a:php:php
Platforms Tested:
2007
PHP 5 – substr_compare Information Leak Vulnerability
This vulnerability allows an attacker to leak sensitive information from memory using the substr_compare function in PHP 5. By manipulating the function parameters, an attacker can retrieve data from memory that should not be accessible. This can lead to the exposure of sensitive information such as passwords or cryptographic keys.
Mitigation:
Upgrade to a version of PHP that has patched this vulnerability. Check with the vendor for available patches and updates.