Also wegen dieser https://bugs.php.net/bug.php?id=68089
IN jedenfal mall checken ob den COMSEO Teilen ( also auch smarty unsw) so programierd sind DASS ES NICHT ZU SOLCHEN KOMMEN KAN.
PHP Und CURL
[2014-09-25 12:16 UTC] research at g0blin dot co dot uk Point taken - this really is an issue with cURL, not PHP, so we do not need a CVE against PHP.
[2014-09-25 12:46 UTC] johannes@php.net Before this is overseen: There *is* a PHP issue, though it is not directly the reported one. Just put a \0 the in any option (like the URL instead of %00). This has to be fixed on our side. See attached patch (which is missing a test right now)