Deserialization of untrusted data

2009-11-2913:07:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.

CPENameOperatorVersion
simplogeq0.9.3.2

CPE	Name	Operator	Version
	simplog	eq	0.9.3.2

References

secunia.com/advisories/21390

www.securityfocus.com/bid/37063

exchange.xforce.ibmcloud.com/vulnerabilities/54355

www.exploit-db.com/exploits/10180