5 matches found
X2Engine < 4.2 Multiple Vulnerabilities
According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities : - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery SSRF attacks using specially crafted serializ...
[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...
CVE-2014-5297
The CVE-2014-5297 entry affects X2Engine 2.8–4.1.7, specifically the actionSendErrorReport method in protected/controllers/SiteController.php. The vulnerability arises from taking user-supplied data in the POST parameter report, applying base64_decode followed by unserialize without proper saniti...
X2Engine 4.1.7 PHP Object Injection
------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...
X2Engine 4.1.7 PHP Object Injection / Unrestricted File Upload Vulnerabilies
X2Engine versions 2.8 through 4.1.7 suffer from a PHP object injection and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist. ------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection...