Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4mr9-qddm-7fdd

Summary php information disclosure via mb_strcut()

Aliases

alias	CVE-2010-4156

Fixed_packages

Affected_packages

url pkg:rpm/redhat/php53@5.3.3-1.el5_6?arch=1

purl pkg:rpm/redhat/php53@5.3.3-1.el5_6?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j7q-kz1w-9bh6

vulnerability	VCID-4mr9-qddm-7fdd

vulnerability	VCID-xzsz-j91v-skf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php53@5.3.3-1.el5_6%3Farch=1

References

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html

reference_url	http://marc.info/?l=bugtraq&m=130331363227777&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=130331363227777&w=2

reference_url	http://pastie.org/1279428
reference_id
reference_type
scores
url	http://pastie.org/1279428

reference_url	http://pastie.org/1279682
reference_id
reference_type
scores
url	http://pastie.org/1279682

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4156.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4156.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4156

reference_id

reference_type

scores

value	0.10111
scoring_system	epss
scoring_elements	0.93118
published_at	2026-04-21T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93063
published_at	2026-04-01T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93072
published_at	2026-04-02T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93076
published_at	2026-04-04T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93075
published_at	2026-04-07T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93083
published_at	2026-04-08T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93088
published_at	2026-04-09T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93093
published_at	2026-04-11T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93091
published_at	2026-04-12T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93092
published_at	2026-04-13T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93108
published_at	2026-04-16T12:55:00Z

value	0.10111
scoring_system	epss
scoring_elements	0.93113
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4156

reference_url	http://secunia.com/advisories/42135
reference_id
reference_type
scores
url	http://secunia.com/advisories/42135

reference_url	http://secunia.com/advisories/42812
reference_id
reference_type
scores
url	http://secunia.com/advisories/42812

reference_url	http://secunia.com/advisories/43189
reference_id
reference_type
scores
url	http://secunia.com/advisories/43189

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2010:225
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2010:225

reference_url	http://www.openwall.com/lists/oss-security/2010/11/07/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2010/11/07/2

reference_url	http://www.openwall.com/lists/oss-security/2010/11/08/13
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2010/11/08/13

reference_url	http://www.php.net/ChangeLog-5.php
reference_id
reference_type
scores
url	http://www.php.net/ChangeLog-5.php

reference_url	http://www.redhat.com/support/errata/RHSA-2011-0196.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2011-0196.html

reference_url	http://www.securityfocus.com/bid/44727
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/44727

reference_url	http://www.ubuntu.com/usn/USN-1042-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-1042-1

reference_url	http://www.vupen.com/english/advisories/2011/0020
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0020

reference_url	http://www.vupen.com/english/advisories/2011/0021
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0021

reference_url	http://www.vupen.com/english/advisories/2011/0077
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0077

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=651682
reference_id	651682
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=651682

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.0:::::::*
reference_id	cpe:2.3:a:php:php:5.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.1:::::::*
reference_id	cpe:2.3:a:php:php:5.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.2:::::::*
reference_id	cpe:2.3:a:php:php:5.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.3:::::::*
reference_id	cpe:2.3:a:php:php:5.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:scottmac:libmbfl:1.1.0:::::::*
reference_id	cpe:2.3:a:scottmac:libmbfl:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:scottmac:libmbfl:1.1.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4156

reference_id

CVE-2010-4156

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4156

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/34979.php
reference_id	CVE-2010-4156;OSVDB-69099
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/34979.php

reference_url	https://access.redhat.com/errata/RHSA-2011:0196
reference_id	RHSA-2011:0196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:0196

reference_url	https://usn.ubuntu.com/1042-1/
reference_id	USN-1042-1
reference_type
scores
url	https://usn.ubuntu.com/1042-1/

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

date_added	2010-11-07
description	PHP 5.3.x - 'mb_strcut()' Information Disclosure
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2010-11-07
exploit_type	remote
platform	php
source_date_updated	2017-10-16
data_source	Exploit-DB
source_url

Severity_range_score 5.0 - 5.0

Exploitability 2.0

Weighted_severity 4.5

Risk_score 9.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mr9-qddm-7fdd

Vulnerability Instance