Description
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
Remediation
References
Related Vulnerabilities
WordPress 4.5.3 Directory Traversal Vulnerability (4.5.3)
WordPress Plugin Custom Post Type UI 'wp-admin/admin.php' Cross-Site Scripting (0.7)
Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6065)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-14384)