Description

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Remediation

References

CVE-2011-3379

Related Vulnerabilities

WordPress Plugin WP Prayer Cross-Site Scripting (1.9.6)

Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164)

ownCloud CVE-2022-43679 Vulnerability (CVE-2022-43679)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)

Oracle JRE CVE-2013-2436 Vulnerability (CVE-2013-2436)

Severity

High

Classification

CVE-2011-3379 CWE-94

Tags

Missing Update Known Vulnerabilities