The var_export function in PHP 5.2 prior to 5.2.14 and 5.3 prior to 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote malicious users to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
Vulnerable Product |
---|
php php |
debian debian linux 5.0 |
debian debian linux 6.0 |