8067 matches found
CVE-2018-20148
CVE-2018-20148 affects WordPress versions prior to 4.9.9 and 5.x prior to 5.0.1. The issue stems from mishandling of serialized data at phar:// URLs in wp-includes/post.php: wp_get_attachment_thumb_file can mishandle metadata and lead to PHP object injection via crafted wp.getMediaItem XMLRPC cal...
CVE-2018-20148
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php...
WordPress <= 5.0 - PHP Object Injection via Meta Data
Description: According to WordPress: "Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection."...
WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability
PHP Object Injection via Meta Data vulnerability found by Sam Thomas in WordPress versions <= 5.0. Solution: Update WordPress to the latest available version (at least 5.0.1)...
wordpress -- multiple issues
WordPress developers report: WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors...
Debian DSA-4351-1 : libphp-phpmailer - security update
It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
[SECURITY] [DSA 4351-1] libphp-phpmailer security update
Debian Security Advisory DSA-4351-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4351-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 27 : php-phpmailer6 (2018-46b92c9064)
Version 6.0.6 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to...
Debian DLA-1593-1 : phpbb3 security update
Simon Scannell and Robin Peraglie of RIPS Technologies discovered that passing an absolute path to a file_exists check in phpBB, a full featured web forum, allows remote code execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel...
Debian: Security Advisory (DLA-1593-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Patreon Connect < 1.2.2 - PHP Object Injection
The Patreon WordPress WordPress plugin was affected by a PHP Object Injection security vulnerability...
phpBB < 3.2.4 RCE Vulnerability
phpBB is prone to a remote code execution (RCE) vulnerability through object injection. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Object Injection Attack
phpmailer/phpmailer is vulnerable to object injection attacks. The vulnerability exists because file paths are not validated to ensure they are of a permitted type, allowing object injection attacks...
PHPMailer < 5.2.27, 6.x < 6.0.6 Object Injection Attack Vulnerability
PHPMailer is prone to an object injection vulnerability. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
CVE-2018-19274
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...
Remote code execution
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...