Main Vulnerability Database Exploits ID:2685 - Exploit for Use-after-free error in PHP - CVE-2016-7479

ID:2685 - Exploit for Use-after-free error in PHP - CVE-2016-7479

Published: May 18, 2020

Vulnerability identifier: #VU12900

Vulnerability risk: High

CVE-ID: CVE-2016-7479

CWE-ID: CWE-416

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-1002/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to resizing the 'properties' hash table of a serialized object during the unserialization process. A remote attacker can trigger use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

ID:2685 - Exploit for Use-after-free error in PHP - CVE-2016-7479

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human