Description
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Digital Downloads-Recent Purchases Remote File Inclusion (1.0.2)
WordPress Plugin Responsive Pricing Table Unspecified Vulnerability (4.1.1)
WordPress Plugin Mail Masta Multiple SQL Injection Vulnerabilities (1.0)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2190)