Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24744
HistoryApr 10, 2020 - 1:03 a.m.

Arbitrary Code Execution

2020-04-1001:03:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15

EPSS

0.016

Percentile

87.4%

php is vulnerable to arbitrary code execution. The vulnerability exists as a use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code.