VYPR
High severity7.5NVD Advisory· Published Jul 10, 2017· Updated Jun 17, 2026

CVE-2016-10397

CVE-2016-10397

Description

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

24

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.