Description

This alert was generated using only banner information. It may be a false positive.

Stefan Esser had discovered a weakness within the depths of the implementation of hashtables in the Zend Engine. This vulnerability affects a large number of PHP applications. It creates large new holes in many popular PHP applications. Additonally many old holes that were disclosed in the past were only fixed by using the unset() statement. Many of these holes are still open if the already existing exploits are changed by adding the correct numerical keys to survive the unset(). For a detailed explanation of the vulnerability read the referenced article.

Affected PHP versions (up to 4.4.2/5.1.3).

Remediation

Upgrade PHP to the latest version.

References

Zend_Hash_Del_Key_Or_Index Vulnerability

PHP Homepage

Related Vulnerabilities

WordPress Plugin Yes-co ORES Cross-Site Scripting (1.3.44)

WordPress Plugin Product Slider for WooCommerce Security Bypass (2.5.6)

Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)

WordPress Plugin mTouch Quiz Multiple Vulnerabilities (3.0.6)

WordPress Plugin Affiliates Manager SQL Injection (2.8.6)

Severity

High

Classification

CVE-2006-3017 CWE-702 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update