Description
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
Remediation
References