Description

The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.

Remediation

References

CVE-2010-1861

Related Vulnerabilities

WordPress Plugin Ultimate Membership Pro Cross-Site Request Forgery (8.6.1)

e107 Other Vulnerability (CVE-2005-4224)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)

WordPress Plugin Real WYSIWYG Cross-Site Scripting (0.0.2)

WordPress Plugin AdRoll for WooCommerce Stores Unspecified Vulnerability (2.2.5)

Severity

Medium

Classification

CVE-2010-1861

Tags

Missing Update Known Vulnerabilities