CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-3622

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 84.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 6.8

References

http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=68088
https://bugzilla.redhat.com/show_bug.cgi?id=1151423
http://php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=68088
https://bugzilla.redhat.com/show_bug.cgi?id=1151423

Products affected by CVE-2014-3622

Php » Php » Version: 5.6.0

cpe:2.3:a:php:php:5.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3622

Products

Pricing

Contact Us