Description
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1831)
WordPress Plugin Name Directory Cross-Site Scripting (1.7.6)
phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (6.2.03)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-2748)