Lucene search
HistoryOct 10, 2014 - 1:55 a.m.
CVE-2014-5297
cve-2014-5297
x2engine
php object injection
ssrf
vulnerability
security
nvd
7.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.7%
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| x2engine:x2engine | x2engine | eq | 4.1.7 |
| x2engine:x2engine | x2engine | eq | 2.8 |
Related
securityvulns
securityvulns
prion
prion
Server side request forgery (ssrf)
2014-10-10 01:55:00
packetstorm
packetstorm
X2Engine 4.1.7 PHP Object Injection
2014-09-23 00:00:00
nessus
nessus
X2Engine < 4.2 Multiple Vulnerabilities
2015-02-23 00:00:00
zdt
zdt
X2Engine 4.1.7 PHP Object Injection / Unrestricted File Upload Vulnerabilies
2014-09-23 00:00:00
7.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.7%
Related for CVE-2014-5297