CVE-2016-9138 log

Severity High
Remote Yes
Type Arbitrary code execution
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
Group Package Affected Fixed Severity Status Ticket
AVG-58 php 7.0.12-2 7.0.13-1 High Fixed
Date Advisory Group Package Severity Type
18 Nov 2016 ASA-201611-19 AVG-58 php High multiple issues