Description
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Registration Forms Cross-Site Request Forgery (2.1.1)
WordPress Plugin NextGEN Gallery-WordPress Gallery Cross-Site Scripting (2.2.10)
Open Resty Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
WordPress Plugin Advanced Access Manager Multiple Vulnerabilities (6.6.1)