Lucene search
K

CVE-2014-8142

🗓️ 20 Dec 2014 11:00:00Reported by redhatType 
cve
 cve
🔗 web.nvd.nist.gov👁 322 Views🌐 WEB

Use-after-free vulnerability in process_nested_data function in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via crafted unserialize call

Related
Detection
Refs
Paths
NVD
Node
phpphpRange5.4.35
OR
phpphpMatch5.5.0
OR
phpphpMatch5.5.0alpha1
OR
phpphpMatch5.5.0alpha2
OR
phpphpMatch5.5.0alpha3
OR
phpphpMatch5.5.0alpha4
OR
phpphpMatch5.5.0alpha5
OR
phpphpMatch5.5.0alpha6
OR
phpphpMatch5.5.0beta1
OR
phpphpMatch5.5.0beta2
OR
phpphpMatch5.5.0beta3
OR
phpphpMatch5.5.0beta4
OR
phpphpMatch5.5.0rc1
OR
phpphpMatch5.5.0rc2
OR
phpphpMatch5.5.1
OR
phpphpMatch5.5.2
OR
phpphpMatch5.5.3
OR
phpphpMatch5.5.4
OR
phpphpMatch5.5.5
OR
phpphpMatch5.5.6
OR
phpphpMatch5.5.7
OR
phpphpMatch5.5.8
OR
phpphpMatch5.5.9
OR
phpphpMatch5.5.10
OR
phpphpMatch5.5.11
OR
phpphpMatch5.5.12
OR
phpphpMatch5.5.13
OR
phpphpMatch5.5.14
OR
phpphpMatch5.5.15
OR
phpphpMatch5.5.16
OR
phpphpMatch5.5.17
OR
phpphpMatch5.5.18
OR
phpphpMatch5.5.19
OR
phpphpMatch5.6.0
OR
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.1
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
ParameterPositionPathDescriptionCWE
new_lesson_idquery param/www/new_sidebar.php?sbctg=lessons&new_lesson_id=null+union+select+password+from+users+where+id=1PHP unserialize use-after-free leading to remote code execution (via crafted input in new_sidebar.php)CWE-416
transferedquery param/test/efront/www/professor.php?ctg=copy&from=8&node_orders=&transfered=[SERIALIZED_ARBITRARY_OBJECT]&mode=ajax&csrf_id=6ebb0b3aee60a1764e780e8494985a8ePHP Object Injection vulnerability via unsafe unserialize on transfered parameter in eFront copy.phpCWE-416
k_securityHashrequest body/set.phpPHP Object Injection vulnerability via unserialize in Kerio Control set.php (CVE-2014-8142 context)CWE-416
targetrequest body/set.phpPHP Object Injection vulnerability via unserialize in Kerio Control set.php (CVE-2014-8142 context)CWE-416
k_variablerequest body/set.phpPHP Object Injection vulnerability via unserialize in Kerio Control set.php (CVE-2014-8142 context)CWE-416
k_valuerequest body/set.phpPHP Object Injection vulnerability via unserialize in Kerio Control set.php (CVE-2014-8142 context)CWE-416
k_historyTimestamprequest body/set.phpPHP Object Injection vulnerability via unserialize in Kerio Control set.php (CVE-2014-8142 context)CWE-416

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 00:16Current
8High risk
Vulners AI Score8
CVSS 27.5
EPSS0.53166
322