Description

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

Remediation

References

CVE-2007-1649

Related Vulnerabilities

WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)

WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Request Forgery (2.4.1)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Cross-Site Scripting (1.15.2)

WordPress Plugin wordpress vertical image slider Multiple Vulnerabilities (1.0)

WordPress Plugin Events Made Easy PHP Object Injection (2.0.52)

Severity

High

Classification

CVE-2007-1649

Tags

Missing Update Known Vulnerabilities