PT-2010-3826 · Php · Php

Stefan Esser · Published 2010-06-23 · Updated 2024-06-15 · CVE-2010-2225

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 5.2.x through 5.3.2

Description

The issue is a use-after-free vulnerability in the SplObjectStorage unserializer, which remote attackers can exploit using serialized data. The vulnerability is associated with the PHP unserialize function and can lead to the execution of arbitrary code or the disclosure of sensitive information.

Recommendations

For PHP versions 5.2.x through 5.3.2, consider updating to a version that contains a fix for this issue, as using outdated versions poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-2225
DSA-2089-1
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1

Affected Products

Php