CVE-2006-1490
PHP - Information Disclosure via html_entity_decode Binary Data Handling
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-1490. PoCs published by Samuel.
AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in PHP's `html_entity_decode()` function. By sending a long string with a null byte, an attacker can trigger a buffer overflow, potentially leaking sensitive information.
Description
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Exploits (1)
This exploit demonstrates an information disclosure vulnerability in PHP's `html_entity_decode()` function. By sending a long string with a null byte, an attacker can trigger a buffer overflow, potentially leaking sensitive information.