Description
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
Remediation
References
Related Vulnerabilities
Jenkins Improper Authentication Vulnerability (CVE-2014-2062)
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5739)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-30153)