Description
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server CVE-2016-3482 Vulnerability (CVE-2016-3482)
WordPress Plugin Contact Form Email Cross-Site Scripting (1.0)
WordPress Plugin Download from files Arbitrary File Upload (1.48)
SugarCRM Improper Input Validation Vulnerability (CVE-2017-14509)
PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2018-5711)