Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Deserialization of Untrusted Data Vulnerability - CVE-2017-11143 - Vulnerability Database
PHP

PHP Deserialization of Untrusted Data Vulnerability - CVE-2017-11143

High
Reference: CVE-2017-11143
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-11143
Title: PHP Deserialization of Untrusted Data Vulnerability
Overview:

In PHP before 5.6.31 an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter related to an invalid free for an empty boolean element in ext/wddx/wddx.c.