Description
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
Remediation
References