8068 matches found
CVE-2020-12469
Subrion CMS ≤ 4.2.1 is affected by a PHP Object Injection vulnerability in admin/blocks.php. The issue arises from serialized data in the subpages value when interacting with blocks/edit, enabling object injection and potentially deletion of files. The Red Hat and CVE records corroborate the same...
QRadar Community Edition 7.3.1.6 PHP Object Injection
PHP object injection vulnerability in QRadar Forensics web application. Yorick Koster, September 2019...
Security Bulletin: IBM QRadar SIEM is vulnerable to PHP object injection (CVE-2020-4271)
Summary: IBM QRadar SIEM is vulnerable to PHP object injection. Vulnerability Details: CVEID: CVE-2020-4271. DESCRIPTION: IBM QRadar could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. CVSS Base score: 6.3. CVSS Temporal Score: See:...
Pydio Core and Pydio Enterprise Injection Vulnerabilities
Pydio AjaXplorer is a web-based remote file manager. The manager supports uploading and downloading files, online file editing, image previewing and more. A security vulnerability exists in the plugins/uploader.http/HttpDownload.php file in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2....
Pydio Core < 8.2.4 Multiple PHP Object Injection Vulnerabilities
Pydio Core is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:pydio:pydio"; if(description)...
CVE-2019-20453
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
CVE-2019-20452
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
Remote code execution
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
Remote code execution
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
CVE-2019-20453
CVE-2019-20453 affects Pydio Core (before 8.2.4) and Pydio Enterprise (before 8.2.4). A PHP object injection flaw exists in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. Public details across mult...
CVE-2019-20452
Summary: CVE-2019-20452 affects Pydio Core (pre-8.2.4) and Pydio Enterprise (pre-8.2.4). A PHP object injection vulnerability resides in plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. The issue is do...
GHSA-7W4P-72J7-V7C2 Phar object injection in PHPMailer
PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...
Phar object injection in PHPMailer
PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...
Design/Logic Flaw
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection...
CVE-2020-8800
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection...
SuiteCRM Bean Operation Vulnerability
SuiteCRM is a free and open source customer relationship management application. SuiteCRM has a bean manipulation vulnerability. The vulnerability is due to the "HealEngutsRe::ActhOnthAvieHTMLField" method which allows the creation of new beans or modification of fields of arbitrary beans. An...