The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
| Max Base Score | 7.5 |
| Published | 2011-11-03 |
| Updated | 2012-07-03 |
| EPSS | 5.99% |
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
| Max Base Score | 7.5 |
| Published | 2011-05-31 |
| Updated | 2017-08-17 |
| EPSS | 1.86% |
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
| Max Base Score | 7.5 |
| Published | 2011-03-16 |
| Updated | 2017-08-17 |
| EPSS | 1.78% |
3 vulnerabilities found