Описание
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Ссылки
- Release NotesVendor Advisory
- ExploitVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Release NotesVendor Advisory
- ExploitVendor Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Use-after-free vulnerability in the add_post_var function in the Posth ...
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Уязвимость функции add_post_var интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный PHP-код
EPSS
9.8 Critical
CVSS3
6.8 Medium
CVSS2