Description
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
Remediation
References
Related Vulnerabilities
Drupal Core 8.9.x Cross-Site Scripting (8.9.0 - 8.9.13)
WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (7.8.9)
TYPO3 Cryptographic Issues Vulnerability (CVE-2012-3527)
Drupal Incorrect Authorization Vulnerability (CVE-2011-2726)
Liferay Portal CVE-2021-38266 Vulnerability (CVE-2021-38266)