wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.
References
Configurations
Information
Published : 2013-09-12 06:28
Updated : 2013-10-01 21:29
NVD link : CVE-2013-4338
Mitre link : CVE-2013-4338
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
wordpress
- wordpress