Description
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
Remediation
References
Related Vulnerabilities
Python Data Processing Errors Vulnerability (CVE-2013-7440)
WordPress Plugin Responsive Pricing Table Unspecified Vulnerability (4.1.1)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11811)
Oracle Application Server CVE-2007-5519 Vulnerability (CVE-2007-5519)