VYPR
Unrated severityNVD Advisory· Published Aug 20, 2010· Updated Jun 16, 2026

CVE-2010-2531

CVE-2010-2531

Description

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=5.2.0,<5.2.14
    • (no CPE)range: >=5.2, <5.2.14 || >=5.3, <5.3.3
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.