Description
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
Remediation
References
Related Vulnerabilities
WordPress 5.0.x Cross-Site Request Forgery (5.0 - 5.0.3)
WordPress Plugin TR Easy Google Analytics Cross-Site Scripting (1.0.0)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0364)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0127)