Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-G5VJ-WJ9X-4JG9
HistoryMay 29, 2024 - 6:53 p.m.

symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension

2024-05-2918:53:48
Google
osv.dev
symbiote silverstripe multivaluefield php object injection deserialization vulnerability json xss software

6.3 Medium

AI Score

Confidence

High

JSON

A potential deserialisation vulnerability has been identified in the symbiote/silverstripe-multivaluefield which could allow an attacker to exploit implementations of this module via object injection.

Support for handling PHP objects as values in this module has been deprecated, and the serialisation technique has been switched to using JSON for handling arrays.

As well as this, a potential XSS (cross-site scripting) vulnerability has been identified and remediated.

6.3 Medium

AI Score

Confidence

High

JSON