Description

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).

Remediation

References

CVE-2006-4812

Related Vulnerabilities

WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)

WordPress Plugin YITH WooCommerce Product Add-Ons Cross-Site Scripting (2.2.2)

WordPress Plugin Spreadsheet (wpSS) 'ss_id' Parameter SQL Injection (0.61)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2065)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.0.4)

Severity

Critical

Classification

CVE-2006-4812 CWE-94

Tags

Missing Update Known Vulnerabilities