Description
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.3.3)
WordPress Plugin Ultimate Affiliate Pro Multiple Cross-Site Scripting Vulnerabilities (3.6)
WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3)
Apache HTTP Server Other Vulnerability (CVE-2000-1206)
WordPress Plugin Multilanguage by BestWebSoft Cross-Site Scripting (1.2.1)