Deserialization of untrusted data
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...
CVE-2020-36326
PHPMailer is affected in versions 6.1.8–6.4.0 by an object-injection vulnerability via Phar deserialization when using addAttachment with a UNC pathname. The issue arose after 6.1.8 fixed a UNC-path readability problem, unintentionally removing a block that previously prevented exploitation. Mult...
CVE-2020-36326
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...
PT-2021-12009 · Phpmailer · Phpmailer
Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.1.8 through 6.4.0 Description: The issue allows object injection through Phar Deserialization via the addAttachment method with a UNC pathname. This is a reintroduction of an earlier problem due to an unrelated bug fix in...
PHPMailer code issue vulnerability
PHPMailer is a PHP class library for sending emails. PHPMailer is vulnerable to a code issue that allows object injection via addAttachment with a UNC pathname via Phar deserialization. No details of the vulnerability are currently available...
CVE-2021-20083
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...
CVE-2021-20087
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype...
CVE-2021-20088
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype...
jquery-sparkle security vulnerability
jquery-sparkle is an application. jQuery's "Don't Repeat Yourself" plugin/effects framework. A security vulnerability exists in jquery-sparkle 1.5.2-beta, which arises from an improperly controlled modification that allows a malicious user to inject properties into Object...
WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability discovered by Wordfence in WordPress Redirection for Contact Form 7 plugin versions <= 2.3.3. Solution: Update the WordPress Redirection for Contact Form 7 plugin to the latest available version, at least 2.3.4...
Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection
In the plugin, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. $wp_user, 'pwd' => $wp_pass, 'rememberme' => 'forever', 'wp-submit' => 'Log+In', ); $output = curl_exec($ch); curl_close($ch); // OBJI $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $wp_ur...
Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection
In the plugin, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. PoC: $wp_user, 'pwd' => $wp_pass, 'rememberme' => 'forever', 'wp-submit' => 'Log+In', ); $output = curl_exec($ch); curl_close($ch); // OBJI $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,...
WordPress Facebook for WordPress Plugin < 3.0.0 PHP Object Injection Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24217
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability. There was also a usable magic method in the plugin that could be used to achieve remote code...
Design/Logic Flaw
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability. There was also a usable magic method in the plugin that could be used to achieve remote code...
CVE-2021-24217 Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability. There was also a usable magic method in the plugin that could be used to achieve remote code...
CVE-2021-24217
The CVE-2021-24217 entry concerns the WordPress Facebook for WordPress plugin prior to version 3.0.0. The vulnerability arises because run_action deserializes user-supplied data, enabling PHP object injection, and an available magic method could be exploited to achieve remote code execution. Affe...
VulnCheck KEV: CVE-2015-7808
The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...