3585 matches found
CVE-2014-4000
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...
WPML Translation Management <= 2.4.1 - PHP Object Injection
The wpml-translation-management WordPress plugin was affected by a PHP Object Injection security vulnerability...
Tuleap 9.6 Second-Order PHP Object Injection
This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute...
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...
WordPress Ultimate Product Catalog plugin <= 4.2.24 - PHP Object Injection
A vulnerability exists in the UPCPAddToCart function. There the cookie is unserialized, which means an attacker can craft malicious user input to cause a PHP object injection. Solution: Update the plugin...
WordPress Ultimate Product Catalog 4.2.24 Plugin - PHP Object Injection Exploit
Exploit for php platform in category web applications Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...
WordPress Ultimate Product Catalog 4.2.24 PHP Object Injection
Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...
SQL injection
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...
CVE-2017-15919
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...
CVE-2017-15919
The CVE-2017-15919 affects the WordPress plugin Ultimate Form Builder Lite (prior to 1.3.7). The vulnerability is a SQL Injection in wp-admin/admin-ajax.php that can lead to PHP Object Injection. Public notes describe remote exploitation with possibly arbitrary code execution; CVSS data shows hig...
WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found in WordPress Invite Anyone plugin versions <=1.3.18. Solution: Update the WordPress Invite Anyone plugin to the latest available version (at least version 1.3.19)...
WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry (WordFence) in WordPress Appointments plugin versions <=2.2.1. Solution: Update the WordPress Appointments plugin to the latest available version (at least 2.2.2)...
VulnCheck KEV: CVE-2017-20207
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...
Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection
The flickr-gallery WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...
VulnCheck KEV: CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...
WordPress MarketPress plugin <=3.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability found by Robert R in WordPress MarketPress plugin versions <=3.2.6. Solution: Update the WordPress MarketPress plugin to the latest available version (at least 3.2.7)...
WordPress Shoppable Images Lite plugin <=1.0.0 - Cross-Site Request Forgery (CSRF)/PHP Object Injection Vulnerabilities
WordPress Shoppable Images Lite plugin Cross-Site Request Forgery (CSRF)/PHP Object Injection vulnerabilities were found in the showadminnotices function. The value of the $_GET['nonce'] variable is unserialized, which allows PHP object injection. Solution: Update the plugin...