The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote malicious users to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.3.7 |
||
php php 5.3.8 |