Description
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
Remediation
References
Related Vulnerabilities
WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)
Oracle Database Server CVE-2013-1554 Vulnerability (CVE-2013-1554)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.4)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10680)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-3078)