8070 matches found
CVE-2025-67911
Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...
Realworld-for-Application_FUGIO_FirstFrameworkFuzzingDetectPOI
FUGIO Production Guide Introduction FUGIO is the firs...
CVE-2023-4971
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...
CVE-2018-10085
CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...
CVE-2018-1000059
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system...
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...
CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
CVE-2017-18605
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...
CVE-2019-20452
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
CVE-2019-20453
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
CVE-2020-12469
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
CVE-2024-39630
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13...
CVE-2023-4402
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...
CVE-2023-4386
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...
CVE-2025-47552
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37...
CVE-2025-23932
Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection.This issue affects Quick Count: from n/a through = 3.00...
CVE-2025-23914
Deserialization of Untrusted Data vulnerability in muzaara Muzaara Google Ads Report muzaara-adwords-optimize-dashboard allows Object Injection.This issue affects Muzaara Google Ads Report: from n/a through = 3.1...
CVE-2025-67911
Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...