Description

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

Remediation

References

CVE-2009-2626

Related Vulnerabilities

Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2332)

WordPress Plugin Booster Plus for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

Squid Improper Synchronization Vulnerability (CVE-2020-14059)

WordPress Plugin Social Login Lite For WooCommerce Security Bypass (1.6.0)

WordPress Plugin WP-Paginate Cross-Site Scripting (2.1.3)

Severity

Medium

Classification

CVE-2009-2626

Tags

Missing Update Known Vulnerabilities