The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation12 reference(s) from NVD