9.8

CVE-2017-5677

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PearHtml Ajax Version0.3.0
PearHtml Ajax Version0.3.1
PearHtml Ajax Version0.3.2
PearHtml Ajax Version0.3.3
PearHtml Ajax Version0.3.4
PearHtml Ajax Version0.4.0
PearHtml Ajax Version0.4.1
PearHtml Ajax Version0.5.0
PearHtml Ajax Version0.5.1
PearHtml Ajax Version0.5.2
PearHtml Ajax Version0.5.3
PearHtml Ajax Version0.5.4
PearHtml Ajax Version0.5.5
PearHtml Ajax Version0.5.6
PearHtml Ajax Version0.5.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.83% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://blog.pear.php.net/2017/02/02/security-html_ajax-058/
Vendor Advisory
http://karmainsecurity.com/KIS-2017-01
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Feb/12
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96044
Third Party Advisory
VDB Entry
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646
Third Party Advisory
https://pear.php.net/bugs/bug.php?id=21165
Vendor Advisory