9 matches found
CVE-2019-16885
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie pricefilter, and second in api/Comparison.php via the cookie compariso...
OkayCMS Remote Code Execution Vulnerability
OkayCMS is a content management system CMS for creating online e-shops. A security vulnerability exists in OkayCMS 2.3.4 and earlier versions. The vulnerability can be exploited by an attacker to execute code via injection of malicious PHP objects via specially crafted cookies...
OkayCMS 2.3.4 Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications Unauthenticated remote code execution in OkayCMS Overview Target: OkayCMS Vendor: OkayCMS Version: all versions including 2.3.4 CVE: CVE-2019-16885 Accessibility: Local Severity: Critical Author: Wolfgang Hotwagner AIT Austrian Institute of...
CVE-2019-16885
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie pricefilter, and second in api/Comparison.php via the cookie compariso...
CVE-2019-16885
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie pricefilter, and second in api/Comparison.php via the cookie compariso...
Remote code execution
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie pricefilter, and second in api/Comparison.php via the cookie compariso...
CVE-2019-16885
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie pricefilter, and second in api/Comparison.php via the cookie compariso...
CVE-2019-16885
CVE-2019-16885 affects OkayCMS up to 2.3.4. The vulnerability is due to unsafe deserialization via cookies: price_filter in view/ProductsView.php and comparison in api/Comparison.php. An unauthenticated attacker can trigger remote code execution by injecting a malicious PHP object that is unseria...
OkayCMS CVE-2019-16885 Multiple Remote Code Execution Vulnerabilities
Description OkayCMS is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the system. OkayCMS versions through 2.3.4 are vulnerable. Technologies Affected OkayCMS OkayCMS 1.0.0 OkayCMS OkayCMS 1.1.0 OkayCMS OkayCMS 1.2.0 OkayCM...