3 matches found
CVE-2025-34292
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize(): the POST parameter formkit_memory_recovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...
CVE-2025-34292
The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...
BeWelcome security vulnerability
BeWelcome is an open-source travel sharing site from BeWelcome. BeWelcome has a security vulnerability that stems from improper handling of deserialization of the POST parameter formkit_memory_recovery and the memory cookie bwRemember, which could lead to a PHP object injection attack...