Description

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

Remediation

References

CVE-2015-6832

Related Vulnerabilities

WordPress Plugin Simple Post Cross-Site Scripting (1.1)

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.3.3)

Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-27316)

WordPress Plugin Team Members Cross-Site Scripting (5.1.0)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0465)

Severity

High

Classification

CVE-2015-6832 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities