3 matches found
OpenPNE 3.8.9 PHP Object Injection Vulnerability
Exploit for php platform in category web applications OpenPNE getRequest-getHost; if $value = sfContext::getInstance-getRequest-getCookie$key $value = unserializebase64decode$value; return $value; User input passed through cookies is not properly sanitized before being used in an unserialize call...
Secunia Research: OpenPNE PHP Object Injection Vulnerability
====================================================================== Secunia Research 20/01/2014 OpenPNE PHP Object Injection Vulnerability ====================================================================== Table of Contents Affected...
CVE-2013-5350
OpenPNE contains a PHP Object Injection vulnerability in opSecurityUser.getRememberLoginCookie() that processes cookies with unserialize(base64_decode()) without proper input filtering. A remote unauthenticated attacker could craft a serialized object in a Cookie header to execute arbitrary PHP c...