SSD Advisory – PHP SplDoublyLinkedList UAF Sandbox Escape

TL;DR Find out how a use after free vulnerability in PHP allows attackers that are able to run PHP code to escape disable_functions restrictions. Vulnerability Summary PHP’s SplDoublyLinkedList is vulnerable to an UAF since it has been added to PHP’s core (PHP version 5.3, in 2009). The UAF allows to escape the PHP sandbox and …

SSD Advisory – PHP SplDoublyLinkedList UAF Sandbox Escape Read More »