Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

CVE-2012-0788

Related Vulnerabilities

WordPress Plugin Flog Cross-Site Scripting (0.1)

WordPress Plugin Advanced Access Manager Cross-Site Scripting (6.7.9)

Microsoft SQL Server CVE-2023-21704 Vulnerability (CVE-2023-21704)

WordPress Plugin YITH WooCommerce Wishlist SQL Injection (2.1.2)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0363)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities