8067 matches found
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
Design/Logic Flaw
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6195
CVE-2018-6195 affects the WordPress plugin wp-splashing-images prior to 2.1.1. An authenticated user (administrator, editor, or author) can exploit PHP Object Injection by sending crafted serialized data in the session parameter to wp-admin/upload.php, allowing remote code execution-like impact. ...
PT-2018-17400 · WordPress · Wp-Splashing-Images
Name of the Vulnerable Software and Affected Versions: wp-splashing-images versions prior to 2.1.1 Description: The issue allows authenticated remote attackers, with roles such as administrator, editor, or author, to conduct PHP Object Injection attacks. This is achieved by sending crafted...
WordPress Splashing Images plugin <=2.1 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability found by Nicolas Buzy-Debat in WordPress Splashing Images plugin versions <=2.1. PHP Object Injection attack via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. Solution: Update the WordPress Splashing Images plugi...
WordPress Splashing Images Plugin PHP Object Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server that supports PHP and MySQL. Splashing Images (wp-splashing-images) is one of its image selection plugins. A PHP object injection...
Splashing Images <= 2.1 - Authenticated PHP Object Injection
The Splashing Images WordPress plugin was affected by an Authenticated PHP Object Injection security vulnerability...
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
Product: WordPress Splashing Images Plugin - https://wordpress.org/plugins/wp-splashing-images/ Vendor: Studio Espresso Tested version: 2.1 CVE ID: CVE-2018-6194 :: CVE description :: A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the...
Kaltura - Remote PHP Code Execution over Cookie Exploit
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data...
Kaltura Remote PHP Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution over Cookie', 'Description' = %q This module exploits an Object Injection vulnerability in Kaltura. By exploiti...
Kaltura - Remote PHP Code Execution over Cookie (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution over Cookie', 'Description' = %q This module exploits an Object Injection vulnerability in Kaltura. By exploiti...
Tuleap 9.6 Second-Order PHP Object Injection Exploit
This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap = 9.6 which could be abused by authenticated users to...
Tuleap 9.6 Second-Order PHP Object Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tulea...
Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tulea...
Flickr Gallery Plugin for WordPress < 1.5.3 PHP Object Injection
According to its self-reported version, the Flickr Gallery Plugin for WordPress running on the remote web server is prior to 1.5.3. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects and execute arbitrary...
RegistrationMagic Plugin for WordPress < 3.7.9.3 PHP Object Injection
According to its self-reported version, the RegistrationMagic Plugin for WordPress running on the remote web server is prior to 3.7.9.3. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects, execute arbitrar...
Enalean Tuleap User::getRecentElements() method code execution vulnerability
Enalean Tuleap is a suite of open source software development and project management tools from Enalean France. The tool provides enterprise application lifecycle management, as well as project tracking, source code management, team collaboration and other functions. A code execution...
WP Smart Security Plugin for WordPress PHP Object Injection
The WP Smart Security Plugin for WordPress is affected by a PHP object injection vulnerability. This plugin is no longer maintained, therefore all known versions are impacted. This vulnerability could allow a remote, unauthenticated attacker to inject PHP objects and execute arbitrary code. Note...