3 matches found
Squiz Matrix CMS 5.5.x.x Code Execution / Information Disclosure
Introduction ============ ZX Security identified several vulnerabilities the Squiz Matrix CMS that can be chained together to gain pre-authenticated remote code execution in some circumstances. Affected Versions ================= The issues in this advisory affect the following versions of Squiz...
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
CVE-2019-19373
Squiz Matrix CMS is affected by CVE-2019-19373 across multiple 5.5.x releases: 5.5.0 before 5.5.0.3, 5.5.1 before 5.5.1.8, 5.5.2 before 5.5.2.4, and 5.5.3 before 5.5.3.3. The vulnerability arises from arbitrary PHP object deserialization in the Remote Content page type when processing the package...