3 matches found
CVE-2015-5687
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie...
CVE-2015-5687
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie...
CVE-2015-5687
AnchorCMS 0.9.x is vulnerable to PHP object injection and arbitrary code execution via a crafted serialized object in a cookie. The root cause is the cookie-based session driver failing to filter malicious serialized objects in the cookie, allowing an attacker to inject PHP objects and execute co...