mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
834 B
834 B
CVE-2015-6831
Description
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
POC
Reference
- https://bugs.php.net/bug.php?id=70168
- https://bugs.php.net/bug.php?id=70169
- https://hackerone.com/reports/104018
Github
No PoCs found on GitHub currently.