Description

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

Remediation

References

CVE-2010-2225

Related Vulnerabilities

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-11142)

WordPress Plugin Spreadsheet (wpSS) Cross-Site Scripting (0.62)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-39527)

WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Cross-Site Request Forgery (4.4)

Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)

Severity

High

Classification

CVE-2010-2225

Tags

Missing Update Known Vulnerabilities