Description
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Remediation
References
Related Vulnerabilities
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9044)
WordPress Plugin WP Live Chat Support Pro Arbitrary File Upload (8.0.06)
WordPress Plugin Team Members Cross-Site Scripting (5.2.0)
MySQL CVE-2017-3635 Vulnerability (CVE-2017-3635)
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.7.0)