Information Disclosure Vulnerability in Libmbfl 1.1.0 Allows Attackers to Obtain Sensitive Data

Information Disclosure Vulnerability in Libmbfl 1.1.0 Allows Attackers to Obtain Sensitive Data

CVE-2010-4156 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

Learn more about our Cis Benchmark Audit For Ibm I.