Main Vulnerability Database Exploits ID:6437 - Exploit for Input validation error in PHP - CVE-2015-6834

ID:6437 - Exploit for Input validation error in PHP - CVE-2015-6834

Published: June 17, 2021

Vulnerability identifier: #VU40285

Vulnerability risk: High

CVE-ID: CVE-2015-6834

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/40414/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. <a href="http://cwe.mitre.org/data/definitions/502.html">CWE-502: Deserialization of Untrusted Data</a>

Remediation

Install update from vendor's website.

ID:6437 - Exploit for Input validation error in PHP - CVE-2015-6834

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human