CMS Commander Client <= 2.21 - Unauthenticated PHP Object Injection
The CMS Commander – Manage Multiple Sites WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...
CVE-2016-4010
Magento CE and EE before 2.0.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data...
Design/Logic Flaw
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request...
CVE-2017-5543
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request...
CVE-2017-5543
CVE-2017-5543 affects Subrion CMS 4.0.5 where a vulnerable PHP file, includes/classes/ia.core.users.php, allows remote attackers to perform PHP Object Injection via crafted serialized data in a salt cookie during login. Public references and CVSS indicate a high-severity impact (NVD lists base sc...
e107 2.1.2: SQL Injection through Object Injection
RIPS Analysis: The e107 CMS consists of 317,356 lines of code and was analyzed in about 2 minutes. Many of the vulnerabilities found by RIPS are exploitable, despite a few exceptions. The main reason for this is that e107 contains a lot of unused code from previous releases and thus not all affect...
WordPress Restore Dropbox plugin <= 1.4.7 - PHP Object Injection Vulnerability
WordPress Restore Dropbox plugin allows a possible PHP Object Injection vulnerability in the wpadmunpack function. Solution: Update the plugin...
WordPress Plugin Google Analytics Counter Tracker PHP Object Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; users can set up a personal blog site on a server that supports PHP and MySQL. The WordPress plugin Google Analytics Counter Tracker has a PHP object injection vulnerability, the vulnerability...
WordPress Google Analytics Counter Tracker 3.1.5 PHP Object Injection Vulnerability
Exploit for php platform in category web applications. Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability...
phpBB 2.0.23 - From Variable Tampering to SQL Injection
RIPS Analysis: The forum phpBB2 consists of only 50,000 lines of code and RIPS took only 19 seconds for its in-depth security analysis to complete. It found various PHP object injection vulnerabilities which are less severe due to missing gadget chains. Further, many SQL injections are reported du...
WordPress Google Analytics Counter Tracker Plugin <= 3.4.0 - PHP Object Injection
This plugin is prone to a PHP object injection vulnerability. It allows attackers to execute arbitrary PHP code. Solution: Update the plugin...
WordPress Google Analytics Counter Tracker 3.1.5 PHP Object Injection
Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability. Remco Vermeulen, July 2016...
WordPress BP Profile Search Plugin <= 4.5.3 - PHP Object Injection
This plugin is prone to a PHP object injection vulnerability. Solution: Update the plugin...
BP Profile Search <= 4.5.3 - PHP Object Injection
The plugin bp-profile-search insecurely trusts serialized data submitted over HTTP requests. This exposes the site to PHP object injection as a potential exploit vector. This vulnerability was patched in version 4.6; information is being released now as a disclosure period has expired...
Zikula 'jcss.php' Directory Traversal Vulnerability
Zikula is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Zikula Directory Traversal Vulnerability
Zikula is the Zikula Foundation's set of PHP application frameworks for building and maintaining Web sites, which can be extended with third-party add-on modules into communities, portals, e-commerce, and more. A directory traversal vulnerability exists in the jcss.php file in Zikula versions 1.3...