Description

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

Remediation

References

CVE-2007-1649

Related Vulnerabilities

ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)

MySQL Improper Input Validation Vulnerability (CVE-2017-3256)

WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)

WordPress Plugin MW WP Form Arbitrary File Upload (5.0.1)

WordPress Plugin Podlove Subscribe button Cross-Site Scripting (1.3.6)

Severity

High

Classification

CVE-2007-1649

Tags

Missing Update Known Vulnerabilities