Description
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4791)
WordPress Plugin VIDEO GALLERY 'upload1.php' Arbitrary File Upload (1.3)
WordPress Plugin SocialFit 'msg' Parameter Cross-Site Scripting (1.2.2)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.3)
Oracle Database Server CVE-2014-6560 Vulnerability (CVE-2014-6560)