Description

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

Remediation

References

CVE-2015-6831

Related Vulnerabilities

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.7.4)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3659)

WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.24)

WordPress Plugin Events Manager Extended Multiple HTML Injection Vulnerabilities (3.1.2)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0813)

Severity

High

Classification

CVE-2015-6831 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities