ID:11492 - Exploit for Format string error in PHP - CVE-2010-2094

 

Published: June 8, 2025


Vulnerability identifier: #VU110298
Vulnerability risk: Medium
CVE-ID: CVE-2010-2094
CWE-ID: CWE-134
Exploitation vector: Remote access
Vulnerable software:
PHP


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.
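The bug class described above (CWE-134), shown as an added example that is not PHP's source code: a message built from the URI must reach a printf-style error logger as an argument to a constant `"%s"` format, never as the format itself. The names `wrapper_log_error`, `report_open_failure` and `count_conversions`, the message text and the sample URI are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for a stream-wrapper
 * error logger; it formats into a caller-supplied buffer. */
static int wrapper_log_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Count the '%' conversions a printf-style function would act on if the
 * string were used as a format ("%%" is a literal percent sign). */
static int count_conversions(const char *s)
{
    int c = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        c++;
    }
    return c;
}

/* Hardened pattern: the URI-derived message is data, not a format. */
static int report_open_failure(char *out, size_t n, const char *uri)
{
    char msg[256];
    snprintf(msg, sizeof msg, "phar error: invalid url \"%s\"", uri);
    /* UNSAFE form (deliberately not compiled): wrapper_log_error(out, n, msg);
     * msg would be parsed as the format, so every conversion carried in
     * uri would consume a variadic argument that was never passed. */
    return wrapper_log_error(out, n, "%s", msg);
}

int main(void)
{
    const char *uri = "phar://a.phar/%x.%x.%s"; /* constructed sample input */
    char out[300];
    report_open_failure(out, sizeof out, uri);
    printf("conversions in uri: %d\nlogged: %s\n", count_conversions(uri), out);
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC/Clang) flags calls of the unsafe form when the logger's prototype carries a `format(printf, ...)` attribute.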


Remediation

Install the update from the vendor's website.