Detect date
?
|
01/11/2017 |
Severity
?
|
Critical |
Description
|
An improper implementation of the SplObjectStorage unserialize in ext/spl/spl_observer.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed serialized data. Technical details Vulnerability occurs because an implementation does not verify whether a key is an object or not. |
Affected products
|
PHP 7.x before 7.0.12 |
Solution
|
Update to the latest version |
Original advisories
|
|
Impacts
?
|
ACE [?] DoS [?] |
Related products
|
PHP |
CVE-IDS
?
|
|
Find out the statistics of the vulnerabilities spreading in your region |