Description
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
Remediation
References
Related Vulnerabilities
WordPress Plugin Relevanssi Premium-A Better Search Cross-Site Scripting (1.14.8)
WordPress Plugin Acurax On Click Pop Under Multiple Unspecified Vulnerabilities (2.2.1)
Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2019-1068)
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389)
WordPress Plugin Slideshow Gallery LITE Arbitrary File Upload (1.4.6)