PHP 'is_a()' Function Remote File Include Vulnerability

PHP is prone to a remote file-include vulnerability because it fails to properly implement the 'is_a()' function.

Exploiting this issue may allow an attacker to compromise PHP applications using the affected function. This may also result in a compromise of the underlying system; other attacks are also possible.

PHP 5.3.7 and 5.3.8 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus