Description
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
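The flaw class described above, as an added C example that is a simplified model and not PHP's wddx source: a length variable assigned only on the string-name path is reused unchanged for a following numerical key. All function names and the sample variable names are assumptions made for illustration, and the model starts `key_length` at 0 so the demonstration itself stays well-defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: names of the <var> elements of one packet, in order. */
static const char *const SAMPLE_VARS[] = { "session_token", "7" };

/* A name made only of digits is treated as a numerical key in this model. */
static int is_numeric_name(const char *s) {
    if (*s == '\0') return 0;
    for (; *s != '\0'; s++)
        if (*s < '0' || *s > '9') return 0;
    return 1;
}

/* Flawed pattern: key_length is written only for string names, so a
 * numerical key inherits whatever the variable held before. In the
 * vulnerable code that is an uninitialized stack slot; here it is a
 * defined local so the stale value is reproducible. */
size_t key_length_flawed(const char *const *names, size_t idx) {
    size_t key_length = 0;
    for (size_t i = 0; i <= idx; i++) {
        if (!is_numeric_name(names[i]))
            key_length = strlen(names[i]);
        /* numerical name: no assignment, the stale value survives */
    }
    return key_length;
}

/* Corrected pattern: every path assigns key_length before it is used. */
size_t key_length_fixed(const char *const *names, size_t idx) {
    size_t key_length = 0;
    for (size_t i = 0; i <= idx; i++)
        key_length = strlen(names[i]); /* string and numerical names alike */
    return key_length;
}

/* Bytes past the key's own text that a consumer trusting the flawed
 * length would read. */
size_t bytes_exposed(const char *const *names, size_t idx) {
    size_t used = key_length_flawed(names, idx);
    size_t real = strlen(names[idx]);
    return used > real ? used - real : 0;
}

int main(void) {
    printf("flawed=%zu fixed=%zu exposed=%zu\n",
           key_length_flawed(SAMPLE_VARS, 1), key_length_fixed(SAMPLE_VARS, 1),
           bytes_exposed(SAMPLE_VARS, 1));
    return 0;
}
```

Compiling real code with `-Wmaybe-uninitialized` (GCC) or running it under MemorySanitizer surfaces this class of defect, because the read happens on a path where no assignment dominates the use.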
Remediation
References