Description
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
Remediation
References
Related Vulnerabilities
PostgreSQL Numeric Errors Vulnerability (CVE-2010-4015)
phpMyAdmin Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-1000017)
WordPress Plugin WP Flow Plus Unspecified Vulnerability (2.2.0)
WordPress Plugin Zedna eBook download Directory Traversal (1.1)
WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.36)