Description

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

Remediation

References

CVE-2015-6832

Related Vulnerabilities

Oracle Database Server CVE-2009-1994 Vulnerability (CVE-2009-1994)

MySQL CVE-2021-2146 Vulnerability (CVE-2021-2146)

PHP Other Vulnerability (CVE-2011-0421)

WordPress Plugin Analytics Cross-Site Scripting (1.2.3)

WordPress Plugin WPBakery Page Builder Cross-Site Scripting (6.4.0)

Severity

High

Classification

CVE-2015-6832 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities