Description
Stefan Esser had discovered a weakness within the depths of the implementation of hashtables in the Zend Engine. This vulnerability affects a large number of PHP applications. It creates large new holes in many popular PHP applications. Additonally many old holes that were disclosed in the past were only fixed by using the unset() statement. Many of these holes are still open if the already existing exploits are changed by adding the correct numerical keys to survive the unset(). For a detailed explanation of the vulnerability read the referenced article.
Affected PHP versions (up to 4.4.2/5.1.3).
Remediation
Upgrade PHP to the latest version.
References
Related Vulnerabilities
WordPress Plugin MetaSlider Cross-Site Scripting (2.6.2)
WordPress Plugin SB Uploader Arbitrary File Upload (3.2)
WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Cross-Site Scripting (19.6.24)
WordPress Plugin Form Builder-Create Responsive Contact Forms Cross-Site Scripting (1.9.8.3)