Home > Vulnerability Database > WS-2015-0065

Mend.io Vulnerability Database

WS-2015-0065

Good to know:

Date: July 7, 2015

In php-src, php-5.3.0RC1 to php-5.6.11RC1, there is “use-after-free” vulnerability related to the PHP methods “lasterrorcode” and “lasterrormessage”. Using an invalid SQL query, an attacker may leverage the vulnerability in order to crash the program, and potentially allow a RCE.

Language: PHP

Severity Score

8.4

Related Resources (2)

Url: https://github.com/php/php-src/commit/26471eb69c3cd9e8162ff3b398d33919d9075191

Url: https://www.mend.io/vulnerability-database/WS-2015-0065

Severity Score

8.4

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version php-5.6.11

Learn More

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2015-0065

Good to know:

Date: July 7, 2015

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?