Lucene search
K

3 matches found

Cvelist
Cvelist
added 2024/05/16 7:33 p.m.37 views

CVE-2024-4733 ShiftController Employee Shift Scheduling <= 4.9.57 - Authenticated (Contributor+) PHP Object Injection

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inje...

7.5CVSS7.8AI score0.00588EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/16 7:33 p.m.16 views

CVE-2024-4733 ShiftController Employee Shift Scheduling <= 4.9.57 - Authenticated (Contributor+) PHP Object Injection

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inje...

7.5CVSS7.1AI score0.00588EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/16 12:0 a.m.21 views

WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.57 is vulnerable to PHP Object Injection

Software ShiftController Employee Shift Scheduling Type Plugin Vulnerable versions = 4.9.57 Fixed in 4.9.58 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4733 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID c137dcbad43b Credits Peter...

7.5CVSS6.8AI score0.00588EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder