3584 matches found
CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter...
CVE-2016-5726
CVE-2016-5726 affects SMF 2.1, where Packages.php is vulnerable to a PHP object injection via the themechanges array parameter, enabling remote code execution. The vulnerability stems from how user-supplied data within that parameter is processed, allowing an attacker to craft payloads that execu...
CVE-2017-5677
PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
ExpressionEngine: Type Juggling -> PHP Object Injection -> SQL Injection Chain
Justin Kennedy identified a Type Juggling vulnerability in ExpressionEngine that allowed access to unserialize using user supplied data, ultimately achieving SQL Injection. The full details of this vulnerability can be found here:...
WordPress InfiniteWP Client 1.5.1.3 / 1.6.0 PHP Object Injection Vulnerability
Exploit for php platform in category web applications. InfiniteWP Client WordPress Plugin unauthenticated PHP Object injection vulnerability. Yorick...
WordPress Google Forms Plugin unauthenticated PHP Object injection vulnerability
Exploit for php platform in category web applications. Abstract: A PHP Object injection vulnerability was found in the Google Forms WordPress Plugin, which can be used by an unauthenticated user to instantiate arbitrary PHP Objects. Using this vulnerability it is possible to execute arbitrary PHP...
WordPress CMS Commander Client Plugin unauthenticated PHP Object injection vulnerability
Exploit for php platform in category web applications. Abstract: A PHP Object injection vulnerability was found in the CMS Commander Client WordPress Plugin, which can be used by an unauthenticated user to instantiate arbitrary PHP Objects. Using this vulnerability it is possible to execute arbitra...
CMS Commander Client <= 2.21 - Unauthenticated PHP Object Injection
The CMS Commander – Manage Multiple Sites WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...
Subrion CMS PHP Object Injection Vulnerability
Subrion CMS is an open source content management system (CMS). Subrion CMS suffers from a PHP object injection vulnerability that stems from a failure to adequately validate user input. An attacker can use this vulnerability to inject arbitrary objects into the application, delete files, view files...
Design/Logic Flaw
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request...
CVE-2017-5543
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request...
CVE-2017-5543
CVE-2017-5543 affects Subrion CMS 4.0.5 where a vulnerable PHP file, includes/classes/ia.core.users.php, allows remote attackers to perform PHP Object Injection via crafted serialized data in a salt cookie during login. Public references and CVSS indicate a high-severity impact (NVD lists base sc...
WordPress Restore Dropbox plugin <= 1.4.7 - PHP Object Injection Vulnerability
WordPress Restore Dropbox plugin allows a possible PHP Object Injection vulnerability in wpadmunpack function. Solution: Update the plugin...
phpBB 2.0.23 - From Variable Tampering to SQL Injection
RIPS Analysis: The forum phpBB2 consists of only 50,000 lines of code and RIPS took only 19 seconds for its in-depth security analysis to complete. It found various PHP object injection vulnerabilities which are less severe due to missing gadget chains. Further, many SQL injections are reported du...
WordPress Google Analytics Counter Tracker Plugin <= 3.4.0 - PHP Object Injection
This plugin is prone to a PHP object injection vulnerability. It allows attackers to execute arbitrary PHP code. Solution: Update the plugin...
WordPress Google Analytics Counter Tracker 3.1.5 PHP Object Injection
Google Analytics Counter Tracker WordPress Plugin unauthenticated PHP Object injection vulnerability. Remco Vermeulen, July 2016...
WordPress BP Profile Search Plugin <= 4.5.3 - PHP Object Injection
This plugin is prone to a PHP object injection vulnerability. Solution: Update the plugin...