The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| scottmac | libmbfl | 1.1.0 |