Description

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Remediation

References

CVE-2011-3379

Related Vulnerabilities

osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-42235)

WordPress Plugin Backup and Staging by WP Time Capsule Security Bypass (1.21.15)

WordPress Plugin Simple Ads Manager Arbitrary File Upload (2.5.94)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-34464)

WordPress Plugin IMDb Profile Widget Local File Inclusion (1.0.8)

Severity

High

Classification

CVE-2011-3379 CWE-94

Tags

Missing Update Known Vulnerabilities