Description
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Clean Up & Optimizer-Clean Up Optimizer SQL Injection (3.0.13)
Lighttpd Other Vulnerability (CVE-2006-0760)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36099)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4281)
WordPress Plugin Rating by BestWebSoft Cross-Site Scripting (0.1)