Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
Max CVSS
7.5
EPSS Score
4.47%
Published
2010-06-24
Updated
2017-08-17
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.
Max CVSS
7.5
EPSS Score
0.39%
Published
2010-05-07
Updated
2010-05-11
2 vulnerabilities found