The host is installed with php before 5.4.36, 5.5.x before 5.5.20 or 5.6.x before 5.6.4 and is prone to an use-after-free vulnerability. The flaw is present in the application, which fails to properly handle a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object. Successful exploitation allows remote attackers to execute arbitrary code.