Main Vulnerability Database Vulnerabilities #VU40518

#VU40518 Input validation error in PHP - CVE-2015-6831

Published: January 19, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40518

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-6831

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PHP

Software vendor:
PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>

Remediation

Install update from vendor's website.

#VU40518 Input validation error in PHP - CVE-2015-6831

Description

Remediation

External links