CVE Vulnerabilities

CVE-2017-5677

Published: Feb 06, 2017 | Modified: Nov 21, 2024

CVSS 3.x: 9.8 CRITICAL
Source: NVD
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x: 7.5 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.

Affected Software

Name       Vendor  Start Version      End Version
Html_ajax  Pear    0.3.0 (including)  0.3.0 (including)
Html_ajax  Pear    0.3.1 (including)  0.3.1 (including)
Html_ajax  Pear    0.3.2 (including)  0.3.2 (including)
Html_ajax  Pear    0.3.3 (including)  0.3.3 (including)
Html_ajax  Pear    0.3.4 (including)  0.3.4 (including)
Html_ajax  Pear    0.4.0 (including)  0.4.0 (including)
Html_ajax  Pear    0.4.1 (including)  0.4.1 (including)
Html_ajax  Pear    0.5.0 (including)  0.5.0 (including)
Html_ajax  Pear    0.5.1 (including)  0.5.1 (including)
Html_ajax  Pear    0.5.2 (including)  0.5.2 (including)
Html_ajax  Pear    0.5.3 (including)  0.5.3 (including)
Html_ajax  Pear    0.5.4 (including)  0.5.4 (including)
Html_ajax  Pear    0.5.5 (including)  0.5.5 (including)
Html_ajax  Pear    0.5.6 (including)  0.5.6 (including)
Html_ajax  Pear    0.5.7 (including)  0.5.7 (including)

References