Description

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.

Remediation

References

CVE-2016-9138

Related Vulnerabilities

WordPress Plugin Welcome Announcement Multiple Cross-Site Scripting Vulnerabilities (1.0.5)

Moodle CVE-2024-25979 Vulnerability (CVE-2024-25979)

WordPress Plugin BulletProof Security Cross-Site Scripting (.52.4)

WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Cross-Site Request Forgery (4.4)

WordPress 6.0.x Shortcode Execution (6.0 - 6.0.4)

Severity

Critical

Classification

CVE-2016-9138 CWE-416 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities