Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

CVE-2012-0788

Related Vulnerabilities

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.23)

WordPress Plugin WP Customer Reviews Multiple Vulnerabilities (3.0.8)

Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072)

WordPress Plugin Booking Calendar Contact Form Cross-Site Scripting (1.0.24)

Moodle Missing Authorization Vulnerability (CVE-2019-14883)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities