Main Vulnerability Database Exploits ID:11652 - Exploit for Buffer overflow in PHP - CVE-2016-7480

ID:11652 - Exploit for Buffer overflow in PHP - CVE-2016-7480

Published: June 14, 2025

Vulnerability identifier: #VU110256

Vulnerability risk: High

CVE-ID: CVE-2016-7480

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-1003/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

Remediation

Install update from vendor's website.

ID:11652 - Exploit for Buffer overflow in PHP - CVE-2016-7480

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human