CVE-2017-5677

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt