PT-2017-16666 · Pear · Pear Html Ajax
Egidio Romano +1 · Published 2017-02-06 · Updated 2019-10-03 · CVE-2017-5677
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PEAR HTML AJAX versions 0.3.0 through 0.5.7
Description
PEAR HTML AJAX contains a PHP Object Injection vulnerability in its PHP Serializer, which allows remote code execution. The root cause is an incorrect regular expression.
Recommendations
For versions 0.3.0 through 0.5.7, update to a version that fixes the PHP Object Injection Vulnerability in the PHP Serializer to prevent remote code execution.
Fix
Related Identifiers
Affected Products
Pear Html Ajax