Exploit for #VU1001 Use-after-free error in PHP

Exploit for #VU1001 Use-after-free error in PHP

Published: 2020-03-18 | Updated: 2020-04-07

Vulnerability identifier: #VU1001

Vulnerability risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-6835

CWE-ID: CWE-416

Exploitation vector: Network

Exploits in database: 2

April 7, 2020
- Joomla_CVE-2015-8562 (A proof of concept for Joomla's CVE-2015-8562 vulnerability (Object Injection RCE)) [Github]
March 18, 2020
- PHP Session Deserializer - Use-After-Free [Exploit-DB]

Impact: Code execution

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group