Veracode Vulnerability Database: VERACODE:24961
History: Apr 10, 2020 - 1:10 a.m.

Remote Code Execution (RCE)

2020-04-10 01:10:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

EPSS: 0.875

Percentile: 98.7%

PHP is vulnerable to remote code execution (RCE). It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.
