Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

CVE-2012-0788

Related Vulnerabilities

WordPress Plugin BuddyPress Members Only Cross-Site Scripting (1.8.3)

WordPress Plugin Stylish Cost Calculator Cross-Site Scripting (7.0.3)

SharePoint CVE-2024-38227 Vulnerability (CVE-2024-38227)

MediaWiki Improper Input Validation Vulnerability (CVE-2011-0003)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1818)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities