Description

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Remediation

References

CVE-2011-3379

Related Vulnerabilities

WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (7.8)

WordPress Plugin WP Database Backup Cross-Site Request Forgery (5.1.2)

WordPress Plugin Custom Dashboard & Login Page-AGCA Multiple Unspecified Vulnerabilities (1.5.4.2)

WordPress Plugin Crayon Syntax Highlighter Security Bypass (2.6.10)

Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7)

Severity

High

Classification

CVE-2011-3379 CWE-94

Tags

Missing Update Known Vulnerabilities