3718 matches found
CVE-2013-5674
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
Design/Logic Flaw
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
Joomla! 2.5.x < 2.5.10 / 3.0.x < 3.0.4 Multiple Vulnerabilities
According to its self-identified version number, the Joomla! installation hosted on the remote web server is 2.5.x prior to 2.5.10 or 3.0.x prior to 3.0.4. It is, therefore, affected by multiple vulnerabilities: - A security bypass vulnerability exists due to a failure to properly verify...
CVE-2013-3242
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
Design/Logic Flaw
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
CVE-2013-3242
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 are affected by CVE-2013-3242 due to improper handling of an object obtained from unserializing a cookie in plugins/system/remember/remember.php. An authenticated remote attacker can trigger PHP object injection and cause a denial of service via ...
Joomla! 3.0.3 PHP Object Injection
------------------------------------------------------------------ Joomla! decrypt$str; 45. $cookieData = @unserialize$str; User input passed through cookies is not properly sanitized before being used in an unserialize call at line 45. This could be exploited to inject arbitrary PHP objects into...
CVE-2013-1453
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight...
CVE-2013-1465
The Cubecart::basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object...
CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection
------------------------------------------------------------------------- CubeCart set'shipping', unserializebase64urldecode$POST'shipping'; 522. if !isset$POST'proceed' 523. httpredircurrentPage; 524. 525. User input passed through the $POST'shipping' parameter is not properly sanitized before...
CubeCart 5.2.0 PHP Object Injection
------------------------------------------------------------------------- CubeCart set'shipping', unserializebase64urldecode$POST'shipping'; 522. if !isset$POST'proceed' 523. httpredircurrentPage; 524. 525. User input passed through the $POST'shipping' parameter is not properly sanitized before...
Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass
?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, "\0" === false if strpos $serialized...
Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
No description provided by source. ?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX...
Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution
?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software...
CVE-2007-4763
PHP remote file inclusion vulnerability in dbmodules/DBadodb.class.php in PHP Object Framework PHPOF 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOFINCLUDEPATH parameter...
CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
More info at https://symfony.com/cve-2026-45077...