Description
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.
Remediation
References
Related Vulnerabilities
Internet Information Services Improper Input Validation Vulnerability (CVE-2000-0258)
MySQL CVE-2016-0653 Vulnerability (CVE-2016-0653)
WordPress Plugin WordPress Gallery Cross-Site Scripting (1.0)
WordPress Plugin Site Reviews Cross-Site Scripting (5.17.2)
WordPress Plugin Grow by Tradedoubler-Advertiser for WooCommerce Local File Inclusion (2.0.21)