PHP 'ext/standard/var.c' Incomplete Fix Use After Free Remote Code Execution Vulnerability
PHP is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
PHP 7.0.10 and prior are vulnerable.
Note : This issue is the result of an incomplete fix for the CVE-2015-6834 described in BID 76649 (PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities).