3 matches found
OpenCATS Remote Code Execution (CVE-2021-25294)
A remote code execution vulnerability exists in OpenCATS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-25294
OpenCATS up to version 0.9.5-3 is affected by CVE-2021-25294 due to unsafe deserialization in lib/DataGrid.php. The vulnerability deserializes index.php?m=activity requests via unserialize on the parameters activity:ActivityDataGrid, enabling a PHP object injection chain that can leverage a __des...
CVE-2021-25294
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an destruct magic metho...