4 matches found
PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP object injection vulnerability
Software Link: https://pear.php.net/package/HTMLAJAX Affected Versions: All versions from 0.3.0 to 0.5.7. Vulnerability Description: The vulnerable code is located within the HTMLAJAXSerializerPHP class defined into the /AJAX/Serializer/PHP.php script. Such a class uses the unserialize PHP functi...
PEAR HTML_AJAX 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability
Exploit for php platform in category web applications --------------------------------------------------------------------------- PEAR HTMLAJAX = 0.5.7 PHP Serializer PHP Object Injection Vulnerability --------------------------------------------------------------------------- - Software Link:...
CVE-2017-5677
PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
CVE-2017-5677
Summary: CVE-2017-5677 affects PEAR HTML_AJAX versions 0.3.0–0.5.7. The vulnerability is a PHP Object Injection in the HTML_AJAX_Serializer_PHP class, which uses unserialize() on user-controlled input. The root cause is described as an incorrect regular expression used to extract class names, all...