3675 matches found

WPVulnDB (added 2020/11/10 12:00 a.m., 11 views)

Ultimate Reviews < 2.1.33 - Unauthenticated PHP Object Injection

There were three occurrences in the plugin where an unauthenticated user could inject a serialized PHP object via a cookie, which could potentially lead to a PHP object injection vulnerability...

AI score 2.9
Exploits 0, References 2, Affected Software 1

WPVulnDB (added 2020/11/05 12:00 a.m., 21 views)

Welcart e-Commerce < 1.9.36 - Authenticated PHP Object Injection

The plugin unserialises the content of the usces_cookie cookie via usces_unserialize, which could lead to a PHP Object Injection issue...

CVSS 6.5, AI score 3.1, EPSS 0.01879
Exploits 1, References 1, Affected Software 1

Patchstack (added 2020/11/05 12:00 a.m., 29 views)

WordPress Welcart e-Commerce plugin <= 1.9.35 - Authenticated PHP Object Injection vulnerability

Authenticated PHP Object Injection vulnerability found by Ramuel Gall in WordPress Welcart e-Commerce plugin versions <= 1.9.35. Solution: Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 1.9.36)...

CVSS 8.8, AI score 2.9, EPSS 0.01879
Exploits 1, References 2, Affected Software 1

OSV (added 2020/10/30 5:06 p.m., 20 views)

GHSA-JRGF-VFW2-HJ26 RCE via PHP Object injection via SOAP Requests

Impact: This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches: The latest OpenMage versions up from 19.4.7 and 20.0.3 have this issue solved. Credits: Credit to Luke Rodgers for...

CVSS 8, AI score 7.4, EPSS 0.01249
Exploits 0, References 4

Github Security Blog (added 2020/10/30 5:06 p.m., 44 views)

RCE via PHP Object injection via SOAP Requests

Impact: This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches: The latest OpenMage versions up from 19.4.7 and 20.0.3 have this issue solved. Credits: Credit to Luke Rodgers for...

CVSS 8, AI score 4.1, EPSS 0.01249
Exploits 0, References 5, Affected Software 1

Veracode (added 2020/10/29 9:46 p.m., 26 views)

PHP Object Injection

gosa is vulnerable to PHP object injection. The vulnerability allows a remote authenticated attacker to perform file deletions in the context of the web server's worker process using a malicious cookie value. This is due to lack of validation when deserializing the cookie value to restore filter...

CVSS 6.5, AI score 4, EPSS 0.01022
Exploits 0, References 2, Affected Software 1

Veracode (added 2020/10/22 6:13 a.m., 18 views)

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution (RCE). The vulnerability exists because an admin user can generate SOAP credentials that can be used to cause RCE through a PHP Object Injection flaw in the product attributes...

CVSS 8, AI score 3.6, EPSS 0.01249
Exploits 0, References 3, Affected Software 1

OSV (added 2020/10/21 8:15 p.m., 14 views)

CVE-2020-15244

In Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVSS 7.2, AI score 7
Exploits 0, References 3

Prion (added 2020/10/21 8:15 p.m., 16 views)

Code injection

In Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVSS 6.5, AI score 7, EPSS 0.01249
Exploits 0, References 3, Affected Software 1

Patchstack (added 2020/10/05 12:00 a.m., 11 views)

WordPress Post Grid plugin <= 2.0.72 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Ramuel Gall (Wordfence) in WordPress Post Grid plugin versions <= 2.0.72. Solution: Update the WordPress Post Grid plugin to the latest available version (at least 2.0.73)...

AI score 2.2
Exploits 0, References 2, Affected Software 1

ThreatPost (added 2020/08/04 6:11 p.m., 132 views)

Newsletter WordPress Plugin Opens Door to Site Takeover

Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress...

EPSS 0.26869
Exploits 0, References 9

OpenVAS (added 2020/08/04 12:00 a.m., 22 views)

WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities

The WordPress plugin Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

CVSS 8.8, AI score 6.9, EPSS 0.02082
Exploits 2, References 2

WPVulnDB (added 2020/08/03 12:00 a.m., 24 views)

Newsletter < 6.8.2 - Authenticated PHP Object Injection

The ‘restore_options_from_request’ function called by the AJAX function ‘tnpc_render_callback’ runs ‘unserialize’ directly on $options['inline_edits'], which is provided by user input in the $_POST['options'] parameter. This creates the potential for an Object Injection vulnerability. For example, a user...

CVSS 6, AI score 2.4, EPSS 0.02082
Exploits 1, References 1, Affected Software 1

OSV (added 2020/07/22 8:15 p.m., 1 view)

CVE-2020-9664

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.8, AI score 6, EPSS 0.08385
Exploits 0, References 1

NVD (added 2020/07/22 8:15 p.m., 13 views)

CVE-2020-9664

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.8, AI score 9.7, EPSS 0.08385
Exploits 0, References 1

CVE (added 2020/07/22 7:23 p.m., 63 views)

CVE-2020-9664

CVE-2020-9664 affects Magento Open Source 1.x and Commerce 1.x, with versions 1.14.4.5 and earlier and 1.9.4.5 and earlier vulnerable to PHP object injection that could lead to arbitrary code execution. Multiple sources (NVD, Red Hat, GHSA advisories, OSV, CNVD, and OpenVAS) corroborate the issue...

CVSS 9.8, AI score 9.7, EPSS 0.08385
Exploits 0, References 1, Affected Software 1

EUVD (added 2020/07/22 7:23 p.m., 4 views)

EUVD-2022-2092

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.8, AI score 9.7, EPSS 0.08385
Exploits 0, References 2

Hacker One (added 2020/07/11 10:02 p.m., 57 views)

Concrete CMS: Arbitrary File delete via PHAR deserialization

crayons: Concrete5 Arbitrary File delete via PHAR deserialization. Target: Concrete5. Version: 8.5.4 (latest at 2020-07-12) / PHP 7.2. Credit: WSP Lab@KAIST. Contact: [email protected]. TL;DR: An attacker can send an arbitrary input value to the is_dir function, which causes a PHAR...

CVSS 6.4, AI score 9.9, EPSS 0.01305
Exploits 0

OpenVAS (added 2020/06/29 12:00 a.m., 46 views)

Magento 1 Multiple Vulnerabilities (APSB20-41)

Magento 1 is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.8, AI score 8, EPSS 0.08385
Exploits 0, References 1

NVD (added 2020/06/20 1:15 p.m., 11 views)

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct, and any...

CVSS 8.8, EPSS 0.01415
Exploits 0, References 1