VYPR
← All advisories
Unrated severityNVD Advisory· Published May 7, 2010· Updated Apr 29, 2026

CVE-2010-1860

CVE-2010-1860

Description

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.

Affected products

16
  • PHP/PHP16 versions
    cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.