PHP contains a use-after-free vulnerability in the substr_replace function. Successful exploitation could allow attackers to cause denial of service conditions and potentially execute arbitrary code.
PHP 5.3.6 and earlier.
Remote Code Execution
Server-Side Arbitrary Remote Code Execution This server-side vulnerability could allow an attacker to gain the ability to remotely execute arbitrary code with the same privileges as the affected service.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 15107 - PHP Multiple Vulnerabilities (20110823)
No mitigation has been provided.