Description
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
Remediation
References
Related Vulnerabilities
WordPress Plugin Facebook Button by BestWebSoft Cross-Site Scripting (2.53)
WordPress Plugin WP eCommerce Cross-Site Scripting (3.9.2)
Internet Information Services Improper Input Validation Vulnerability (CVE-2009-4445)
PHP CVE-2011-1467 Vulnerability (CVE-2011-1467)
WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.9.10)