Description
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-3144 Vulnerability (CVE-2012-3144)
MySQL CVE-2018-3077 Vulnerability (CVE-2018-3077)
Envoy Proxy Use After Free Vulnerability (CVE-2024-23322)
WordPress Plugin Booking Calendar-Clockwork SMS Cross-Site Scripting (1.0.5)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Cross-Site Scripting (5.8.1)