PT-2007-3078 · Php+1 · Php+1
Published: 2007-03-27 · Updated: 2018-10-16 · CVE-2007-1711
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
PHP versions 4.4.5 through 4.4.6
Description:
A double-free vulnerability exists in the unserializer, allowing context-dependent attackers to execute arbitrary code. This can be achieved by overwriting variables pointing to the $GLOBALS array or the session data in $_SESSION.
Recommendations:
For PHP versions 4.4.5 through 4.4.6, consider disabling the unserializer function until a patch is available. Restrict access to session data to minimize the risk of exploitation. Avoid using the $GLOBALS array in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected products
Php
Red Hat