Description
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Remediation
References
Related Vulnerabilities
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11815)
WordPress Plugin YOP Poll Cross-Site Scripting (6.1.4)
PHP Data Processing Errors Vulnerability (CVE-2015-4025)
MySQL CVE-2012-3177 Vulnerability (CVE-2012-3177)
WordPress Plugin Estatik Real Estate Arbitrary File Upload (2.3.0)