Description
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
Remediation
References
Related Vulnerabilities
PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-11142)
WordPress Plugin Spreadsheet (wpSS) Cross-Site Scripting (0.62)
WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Cross-Site Request Forgery (4.4)
Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)