Description
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
Remediation
References
Related Vulnerabilities
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.2)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.1.9)
Oracle Database Server CVE-2006-5337 Vulnerability (CVE-2006-5337)
Sqlite Incorrect Conversion between Numeric Types Vulnerability (CVE-2019-19317)
WordPress 4.3.x Cross-Domain Flash Injection Vulnerability (4.3 - 4.3.14)