PT-2020-6652 · Php · Php

Vasyl Kaigorodov · Published 2020-02-19 · Updated 2024-06-15 · CVE-2014-3622

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PHP versions 5.6.x through 5.6.0

Description

The issue is a use-after-free vulnerability in the add_post_var function of the Posthandler component. Remote attackers can exploit it to execute arbitrary PHP code by leveraging a third-party filter extension that accesses a certain ksep value.

Recommendations

For PHP versions 5.6.x through 5.6.0, update to version 5.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to third-party filter extensions that may access the ksep value until a patch is applied.

Exploit

Fix

RCE

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2022-02641
CVE-2014-3622
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1

Affected Products

Php