Lucene search

[email protected]CVE-2015-5687

HistoryOct 05, 2015 - 2:59 p.m.

CVE-2015-5687

2015-10-0514:59:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2015-5687

anchor cms

php object injection

arbitrary code execution

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.1%

JSON

system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.

CPENameOperatorVersion
anchorcms:anchor_cmsanchorcms anchor cmseq0.9.3
anchorcms:anchor_cmsanchorcms anchor cmseq0.9.1
anchorcms:anchor_cmsanchorcms anchor cmseq0.9.2

CPE	Name	Operator	Version
anchorcms:anchor_cms	anchorcms anchor cms	eq	0.9.3
anchorcms:anchor_cms	anchorcms anchor cms	eq	0.9.1
anchorcms:anchor_cms	anchorcms anchor cms	eq	0.9.2

References

seclists.org/fulldisclosure/2015/Aug/76

seclists.org/fulldisclosure/2015/Aug/83

github.com/anchorcms/anchor-cms/pull/904

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2015-5687

prion1 cvelist1 zdt1 veracode1