PEAR HTML_AJAX CVE-2017-5677 PHP Object Injection Vulnerability

PEAR HTML_AJAX is prone to a PHP object injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to inject arbitrary object in to the application to delete files, view files and execute local script code and to access or modify data, or exploit latent vulnerabilities in the underlying database execute arbitrary PHP code through specially crafted serialized objects.

PEAR HTML_AJAX versions 0.3.0 through 0.5.7 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus