Arbitrary Code Execution

2019-05-0205:04:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

php is vulnerable to arbitrary code execution. The vulnerability exists in the SPL component where unserialization of certain data structures can cause type confusion issues.

CPENameOperatorVersion
php54-phpeq5.4.16__16.el6
php54-phpeq5.4.16__7.el6
php54-phpeq5.4.16__7.el6.1
php53eq5.3.3__1.el5_7.5
php53eq5.3.3__1.el5_6.1
php53eq5.3.3__13.el5_8
php53eq5.3.3__22.el5_10
php53eq5.3.3__21.el5
php53eq5.3.3__13.el5_9.1
php53eq5.3.3__1.el5_7.6

Name	Operator	Version
php54-php	eq	5.4.16__16.el6
php54-php	eq	5.4.16__7.el6
php54-php	eq	5.4.16__7.el6.1
php53	eq	5.3.3__1.el5_7.5
php53	eq	5.3.3__1.el5_6.1
php53	eq	5.3.3__13.el5_8
php53	eq	5.3.3__22.el5_10
php53	eq	5.3.3__21.el5
php53	eq	5.3.3__13.el5_9.1
php53	eq	5.3.3__1.el5_7.6