5 matches found
ForkCMS PHP Object Injection
ForkCMS PHP Object Injection ========================= | Identifier: | AIT-SA-20210215-04 | | Target: | ForkCMS | | Vendor: | ForkCMS | | Version: | all versions below version 5.8.3 | | CVE: | CVE-2020-24036 | | Accessibility: | Remote | | Severity: | Medium | | Author: | Wolfgang Hotwagner AIT...
CVE-2020-24036
creationtimestamp| type| source ---|---|--- 2021-03-04 16:46:34+00:00| seen| https://t.me/cibsecurity/24448...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
CVE-2020-24036
ForkCMS prior to version 5.8.3 is affected by PHP object injection via the backend Ajax endpoint. The vulnerability allows an authenticated remote user to inject PHP objects through unserialize calls in the Ajax handlers, enabling remote code execution. The issue is specific to ForkCMS’s backend ...