Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

CVE-2012-0788

Related Vulnerabilities

Oracle Database Server Improper Input Validation Vulnerability (CVE-2018-1000873)

WordPress Plugin CAPTCHA in Thai Multiple Cross-Site Scripting Vulnerabilities (1.1)

Envoy Proxy CVE-2024-45807 Vulnerability (CVE-2024-45807)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6926)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33939)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities