The SoapClient __call method in ext/soap/soap.c in PHP prior to 5.4.45, 5.5.x prior to 5.5.29, and 5.6.x prior to 5.6.13 does not properly manage headers, which allows remote malicious users to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.6.1 |
||
php php 5.5.0 |
||
php php 5.6.0 |
||
php php 5.6.5 |
||
php php 5.5.19 |
||
php php 5.6.12 |
||
php php 5.5.25 |
||
php php 5.5.1 |
||
php php 5.5.5 |
||
php php 5.6.4 |
||
php php 5.5.21 |
||
php php 5.6.6 |
||
php php 5.5.14 |
||
php php 5.5.7 |
||
php php 5.6.11 |
||
php php 5.6.2 |
||
php php 5.6.10 |
||
php php 5.5.12 |
||
php php 5.5.6 |
||
php php 5.6.7 |
||
php php 5.5.3 |
||
php php 5.5.23 |
||
php php 5.5.8 |
||
php php 5.5.27 |
||
php php |
||
php php 5.5.24 |
||
php php 5.5.11 |
||
php php 5.5.13 |
||
php php 5.5.4 |
||
php php 5.5.28 |
||
php php 5.5.26 |
||
php php 5.6.9 |
||
php php 5.5.10 |
||
php php 5.6.3 |
||
php php 5.5.22 |
||
php php 5.6.8 |
||
php php 5.5.18 |
||
php php 5.5.20 |
||
php php 5.5.2 |
||
php php 5.5.9 |