Description

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

Remediation

References

CVE-2015-6831

Related Vulnerabilities

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1498)

WordPress Plugin Amazon Product in a Post SQL Injection (3.5.2)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Unspecified Vulnerability (5.0.12)

WordPress Plugin WP Human Resource Management Security Bypass (2.2.5)

MySQL CVE-2017-3455 Vulnerability (CVE-2017-3455)

Severity

High

Classification

CVE-2015-6831 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities