Description

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Remediation

References

CVE-2009-3291

Related Vulnerabilities

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29210)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0983)

WordPress Plugin WPhone Cross-Site Scripting (1.5.2)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)

WordPress Plugin Events Registration with PayPal IPN Multiple SQL Injection Vulnerabilities (2.1.2)

Severity

High

Classification

CVE-2009-3291 CWE-20

Tags

Missing Update Known Vulnerabilities