Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Other Vulnerability (CVE-2016-4540)

Description

The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

Remediation

References

Related Vulnerabilities

WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.6.4)

WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)

Atlassian Jira Missing Authorization Vulnerability (CVE-2019-15013)

Internet Information Services Other Vulnerability (CVE-2011-5279)

WordPress Plugin Appointment Booking Calendar SQL Injection (1.1.23)

Severity

Critical

Classification

CVE-2016-4540 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities