MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution

Description MagicLink stores serialized action objects in the magiclinks.action database column and deserializes them without integrity validation or class allowlisting in src/MagicLink.php and src/Actions/ResponseAction.php. An attacker with the ability to manipulate database records e.g., via S...

Deserialization of Untrusted Data

Overview cesargb/laravel-magiclink is a Create secure link for access to private data or login in Laravel without password Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the magiclinks.action database column during the deserialization process. An attacke...