PT-2010-3826 · Php · Php

Stefan Esser · Published 2010-06-23 · Updated 2024-06-15 · CVE-2010-2225

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 5.2.x through 5.3.2

Description

The issue is related to a use-after-free vulnerability in the SplObjectStorage unserializer, which can be exploited by remote attackers using serialized data. This vulnerability is associated with the PHP unserialize function and can lead to the execution of arbitrary code or the disclosure of sensitive information.

Recommendations

For PHP versions 5.2.x through 5.3.2, consider updating to a version that contains a fix for this issue, as using outdated versions poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-2225
DSA-2089-1
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1

Affected Products

Php