Use-after-free vulnerabilities in SPL in PHP versions before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12, leading to remote code execution.

Use-after-free vulnerabilities in SPL in PHP versions before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12, leading to remote code execution.

CVE-2015-6831 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

Learn more about our Web Application Penetration Testing UK.