PHP Object Injection Vulnerability in PEAR HTML_AJAX PHP Serializer

CVE-2017-5677 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.

Learn more about our Web Application Penetration Testing UK.