Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

CVE-2012-0788

Related Vulnerabilities

PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1748)

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-0448)

WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.1)

Moodle Other Vulnerability (CVE-2006-4942)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (4.1.6)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities