Description
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
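A defensive pattern against the behaviour described above, as an added example that is not part of the original entry or of PHP or PEAR code: an autoloader that only maps validated class names to files under one directory, and a type check that never hands a string to is_a. SRC_DIR, resolve_class_file() and is_instance() are hypothetical names, and the PEAR-style underscore-to-directory layout is an assumption.

```php
<?php
// Added example; SRC_DIR, resolve_class_file() and is_instance() are hypothetical.
const SRC_DIR = __DIR__ . '/src'; // assumed root of the application's class files

// Map a class name to a file, or return null if the name is not a plain
// identifier or the resolved file falls outside $baseDir.
function resolve_class_file(string $class, string $baseDir): ?string
{
    // Letters, digits and underscores only: no slashes, dots, schemes or NUL bytes.
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $class)) {
        return null;
    }
    // Assumed PEAR-style layout: Foo_Bar -> Foo/Bar.php
    $relative = str_replace('_', DIRECTORY_SEPARATOR, $class) . '.php';
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $path === false) {
        return null; // base directory or class file does not exist
    }
    // Containment check after symlink resolution.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// The autoloader includes only what resolve_class_file() approved.
spl_autoload_register(function (string $class): void {
    $file = resolve_class_file($class, SRC_DIR);
    if ($file !== null) {
        require $file;
    }
});

// Type check that cannot reach the autoloader: strings are rejected before
// any class lookup, and instanceof does not autoload the right-hand class.
function is_instance($value, string $class): bool
{
    return is_object($value) && $value instanceof $class;
}

// Constructed inputs: an object, a request-style string, a name with separators.
var_dump(is_instance(new ArrayObject(), 'Countable'));
var_dump(is_instance('Some_Class_Name', 'Countable'));
var_dump(resolve_class_file('not/a/class', SRC_DIR));
```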
Remediation
References
Related Vulnerabilities
Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-6619)
Oracle Database Server Other Vulnerability (CVE-2005-3446)
WordPress Plugin Gravity Forms Arbitrary File Upload (1.8.19)
Django Improper Input Validation Vulnerability (CVE-2010-4535)
Liferay Portal CVE-2022-45320 Vulnerability (CVE-2022-45320)