CVE-2017-5677
Summary: CVE-2017-5677 affects PEAR HTML_AJAX versions 0.3.0–0.5.7. The vulnerability is a PHP Object Injection in the HTML_AJAX_Serializer_PHP class, which uses unserialize() on user-controlled input. The root cause is described as an incorrect regular expression used to extract class names, all...