Vulnerabilities > CVE-2014-3622 - Use After Free vulnerability in PHP 5.6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CGI abuses |
| NASL id | PHP_5_6_1.NASL |
| description | According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.1. It is, therefore, affected by errors related to the function |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 78082 |
| published | 2014-10-07 |
| reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/78082 |
| title | PHP 5.6.x < 5.6.1 'add_post_var' Code Execution |