Description

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.

Remediation

References

CVE-2012-0781

Related Vulnerabilities

MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-9417)

PHP Other Vulnerability (CVE-2003-0442)

Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21654)

WordPress Plugin Modern WPBakery Page Builder Addons (formerly Visual Composer)-Add-ons Arbitrary File Upload (3.0.1)

Oracle JRE CVE-2018-2627 Vulnerability (CVE-2018-2627)

Severity

Medium

Classification

CVE-2012-0781

Tags

Missing Update Known Vulnerabilities