Description

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).

Remediation

References

CVE-2007-1711

Related Vulnerabilities

WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9)

WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19436)

MySQL CVE-2016-0595 Vulnerability (CVE-2016-0595)

Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2791)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4546)

Severity

Medium

Classification

CVE-2007-1711

Tags

Missing Update Known Vulnerabilities