PHP Deserialization Vulnerability

PHP Deserialization Vulnerability

CVE-2004-1019 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Learn more about our Web Application Penetration Testing UK.