WordPress Virim plugin <= 0.4 - Unauthenticated Object Injection vulnerability

Unauthenticated Object Injection vulnerability found by Magnus K. Stubman in WordPress Virim plugin versions = 0.4. Solution 27 May 2019 - This plugin was closed and is no longer available for download...

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

Sql injection

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

CVE-2016-10753

CVE-2016-10753 affects e107 2.1.2. It enables a PHP Object Injection vulnerability via usersettings.php that calls unserialize without an HMAC, which leads to a subsequent SQL injection. The root cause is improper handling of unserialize data, enabling an attacker-controlled object to affect data...

Design/Logic Flaw

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to changetags...

CVE-2016-8900

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to changetags...

CVE-2016-8900

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to changetags...

CVE-2016-8900

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to changetags...

CVE-2016-8900

Exponent CMS 2.3.9 is affected by an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php (change_tags). The issue is documented across multiple sources (NVD, RH, CVE lists, etc.) under CVE-2016-8900. According to the NVD entry, the vulnerability has a base sc...

Design/Logic Flaw

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to changecats...

CVE-2016-8899

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to changecats...

CVE-2016-8899

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to changecats...

CVE-2016-8901

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

Design/Logic Flaw

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8899

Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to changecats...

CVE-2016-8899

CVE-2016-8899 affects Exponent CMS version 2.3.9 and involves an Object Injection vulnerability in the file framework/modules/core/controllers/expCatController.php, related to change_cats. The available documents identify the affected product and component and confirm the root cause as object inj...

CVE-2016-8901

b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/callplugin.php...

CVE-2016-8901

CVE-2016-8901 affects b2evolution 6.7.6 with an Object Injection vulnerability in /htsrv/call_plugin.php. CVSS3 base score 9.8 (CRITICAL) indicates high-impact, network-exposed, no authentication, and potential for full system compromise; however exploitation details are not provided in the conne...