Description

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

Remediation

References

CVE-2007-1376

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8089)

WordPress Plugin Affiliates Multiple Cross-Site Scripting Vulnerabilities (2.13.1)

WordPress Plugin WP Symposium Open Redirect (13.04)

MySQL CVE-2021-2215 Vulnerability (CVE-2021-2215)

WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WordPress Security Bypass (1.2.3)

Severity

High

Classification

CVE-2007-1376

Tags

Missing Update Known Vulnerabilities