3 matches found
SUSE CVE-2018-19395
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service NULL pointer dereference and application crash because com and comsafearrayproxy return NULL in compropertiesget in ext/comdotnet/comhandlers.c, as demonstrated by a serialize call on...
PHP 5.6.x < 5.6.39 Multiple vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.39, 7.0.x prior to 7.0.33, 7.1.x prior to 7.1.25, 7.2.x prior to 7.2.13 or 7.3.x prior to 7.3.0. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerabilit...
CVE-2018-19395
PHP on Windows (versions 5.x–7.1.24) is affected by CVE-2018-19395 due to a NULL return from com_properties_get in ext/com_dotnet/com_handlers.c, which can cause a NULL pointer dereference and application crash (DoS) when performing a serialize on COM("WScript.Shell"). The root cause is in ext/st...