8067 matches found

CNVD
added 2016/07/20 12:00 a.m., 2 views

SugarCRM 'SugarRestSerialize.php' PHP Object Injection Vulnerability

SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP object...

7.4 AI score
Exploits 0, References 1

OpenVAS
added 2016/07/08 12:00 a.m., 37 views

SugarCRM PHP Object Injection Vulnerability (Jun 2016)

SugarCRM is prone to a PHP injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm";...

9.3 CVSS, 6.8 AI score, 0.02971 EPSS
Exploits 0, References 4

CNVD
added 2016/06/28 12:00 a.m., 2 views

WordPress Collne Welcart e-Commerce Plugin Executes Arbitrary PHP Code Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Collne Welcart e-Commerce is one of the e-commerce plug-ins. A security vulnerability exists in the WordPress Collne Welcar...

6.8 CVSS, 7.6 AI score, 0.02858 EPSS
Exploits 0, References 1

OSV
added 2016/06/25 9:59 p.m., 4 views

CVE-2016-4825

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data...

5.6 CVSS, 6.1 AI score, 0.02858 EPSS
Exploits 0, References 3

NVD
added 2016/06/25 9:59 p.m., 10 views

CVE-2016-4825

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data...

6.8 CVSS, 6.3 AI score, 0.02858 EPSS
Exploits 0, References 3

Prion
added 2016/06/25 9:59 p.m., 12 views

Design/Logic Flaw

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data...

6.8 CVSS, 8.4 AI score, 0.02858 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2016/06/25 9:00 p.m., 17 views

CVE-2016-4825

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data...

6.3 AI score, 0.02858 EPSS
Exploits 0, References 3

CVE
added 2016/06/25 9:00 p.m., 42 views

CVE-2016-4825

The CVE-2016-4825 issue affects the WordPress plugin Welcart e‑Commerce (Collne Welcart) prior to version 1.8.3. Affected component: PHP unserialization in the plugin’s handling of serialized data, enabling PHP object injection and arbitrary code execution by a remote attacker. The vulnerability ...

6.8 CVSS, 6.3 AI score, 0.02858 EPSS
Exploits 0, References 3, Affected Software 1

Japan Vulnerability Notes
added 2016/06/24 4:43 a.m., 2 views

WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection

Overview: WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8 CVSS, 7.6 AI score, 0.02858 EPSS
Exploits 0, References 5

WPVulnDB
added 2016/06/24 12:00 a.m., 10 views

Welcart e-Commerce < 1.8.3 - PHP Object Injection

The Welcart e-Commerce WordPress plugin was affected by a PHP Object Injection security vulnerability...

6.8 CVSS, 1.8 AI score, 0.02858 EPSS
Exploits 0, References 2, Affected Software 1

Japan Vulnerability Notes
added 2016/06/24 12:00 a.m., 27 views

JVN#47363774: WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection

WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Update the Software. Update to the latest version according to the information provided ...

6.8 CVSS, 5.9 AI score, 0.02858 EPSS
Exploits 0

Packet Storm
added 2016/06/03 12:00 a.m., 113 views

Magento 2.0.6 Unserialize Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Magento 2.0.6 Unserialize Remote Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability ...

1 AI score, 0.92869 EPSS
Exploits 10

Metasploit
added 2016/06/02 2:24 p.m., 36 views

Magento 2.0.6 Unserialize Remote Code Execution

This module exploits a PHP object injection vulnerability in Magento 2.0.6 or prior. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Magento 2.0.6 Unserialize Remote Code Execution',...

9.8 CVSS, 1.3 AI score, 0.92869 EPSS
Exploits 10

Hacker One
added 2016/06/01 9:19 p.m., 92 views

Pornhub: [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com

Researcher was able to exploit a serialization error in the SimpleXMLElement class to perform object injection using the callbackUrl parameter. Researcher was successful in achieving the following: SSRF, Local file inclusion, Limited execution of database commands without output. I exploited the...

0.4 AI score
Exploits 0

CNVD
added 2016/05/19 12:00 a.m., 3 views

BigTree Object Injection Vulnerability

Fastspot BigTree is a PHP and MySQL based open source content management system. An object injection vulnerability exists in BigTree 4.2.8, which can be exploited by an attacker to disallow configuration updates by default...

7.3 AI score
Exploits 0, References 1

Patchstack
added 2016/05/17 12:00 a.m., 17 views

WordPress Collne Welcart e-Commerce Plugin <= 1.8.2 - SQL Injection

This vulnerability allows an attacker to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. Solution: Update the plugin...

6.8 CVSS, 5.3 AI score, 0.02858 EPSS
Exploits 0, References 1, Affected Software 1

CNVD
added 2016/05/17 12:00 a.m., 7 views

WordPress Ninja Forms Plugin PHP Object Injection Hole

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL servers to set up a personal blog site. Ninja Forms is one of the form plug-ins. A security vulnerability exists in the WordPress Ninja Forms plugi...

9.8 CVSS, 7 AI score, 0.61612 EPSS
Exploits 4, References 1

NVD
added 2016/05/14 3:59 p.m., 24 views

CVE-2016-1209

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...

9.8 CVSS, 9.6 AI score, 0.61612 EPSS
Exploits 4, References 8

OSV
added 2016/05/14 3:59 p.m., 5 views

CVE-2016-1209

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...

9.8 CVSS, 5.9 AI score, 0.61612 EPSS
Exploits 4, References 8

Prion
added 2016/05/14 3:59 p.m., 17 views

Design/Logic Flaw

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...

7.5 CVSS, 7.6 AI score, 0.61612 EPSS
Exploits 4, References 8, Affected Software 1