Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

CVE-2012-0788

Related Vulnerabilities

Oracle Database Server CVE-2020-2968 Vulnerability (CVE-2020-2968)

WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2403)

WordPress Plugin Share Buttons by AddThis Cross-Site Request Forgery (5.3.5)

WordPress Plugin Smart Slideshow 'upload.php' Arbitrary File Upload (2.1)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities