CVE-2010-4156

Libmbfl 1.1.0 - Information Disclosure via mb_strcut Length Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4156. PoCs published by Mateusz Kocielski.

AI-analyzed exploit summary: This code is a minimal PHP script that does not demonstrate the CVE-2010-4156 vulnerability. It lacks the necessary conditions to trigger the information disclosure issue in PHP's mb_strcut function.

Description

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

Exploits (1)

exploitdb STUB VERIFIED
by Mateusz Kocielski · php · remote · php
https://www.exploit-db.com/exploits/34979

Classification: Stub 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: PHP (versions affected by CVE-2010-4156)
No auth needed
Prerequisites: PHP installation with mbstring extension enabled
devstral-2 · analyzed Feb 16, 2026

References (18)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0077
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42812
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0196.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130331363227777&w=2
Patch x_refsource_misc
http://pastie.org/1279428
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1042-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0021
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44727
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/11/08/13
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:225
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0020
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43189
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42135
Patch x_refsource_misc
http://pastie.org/1279682
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/11/07/2

Scores

EPSS: 0.1279
EPSS Percentile: 95.8%

Details

CWE: CWE-20
Status: published
Products (1): scottmac/libmbfl 1.1.0
Published: Nov 10, 2010
Tracked Since: Feb 18, 2026