Monday, July 19, 2010

PHP Unserialize() Vulnerability

A vulnerability in the PHP unserialize() function was announced at the SyScan 2010 security conference. Proof-of-concept exploit code has been published. PHP developers have committed a fix to their source code repository (see link below), but have not released an official fix as of this writing.

Affected versions:
PHP 5.2 <= 5.2.13
PHP 5.3 <= 5.3.2


email: david @
