Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Data Processing Errors Vulnerability (CVE-2015-4147)

Description

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

Remediation

References

Related Vulnerabilities

Oracle JRE CVE-2012-5084 Vulnerability (CVE-2012-5084)

WordPress Plugin User Role Editor Cross-Site Request Forgery (3.12)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Cross-Site Scripting (1.3.3)

MySQL CVE-2015-4866 Vulnerability (CVE-2015-4866)

Severity

High

Classification

CVE-2015-4147

Tags

Missing Update Known Vulnerabilities