VDB

CVE-2010-2094

CVE-2010-2094 PUBLISHED CVSS 6.800000190734863 MEDIUM

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.

EPSS 3.09% · 87.0th percentile

Risk Scores

CVSS 2.0
6.800000190734863
EPSS Score
3.09%
87.0th percentile

Affected Products

VendorProductVersions
n/an/an/a
phpphp5.3.0, 5.3.1

Exploit Intelligence

Timeline

  • May 27, 2010 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 18, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 15, 2025 EPSS Score
  • Apr 18, 2025 EPSS Score
  • Apr 20, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›