3587 matches found
CVE-2023-22853
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval...
Design/Logic Flaw
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval...
CVE-2023-22850
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call...
CVE-2023-22851
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call...
PT-2023-18729 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 24.1. Description: The issue allows PHP Object Injection in lib/structures/structlib.php due to an eval when feature_create_webhelp is enabled. Recommendations: For versions prior to 24.1, update to version 24.1 or...
CVE-2023-22853
CVE-2023-22853 affects Tiki Wiki CMS Groupware prior to 24.1. The vulnerability is in lib/structures/structlib.php (StructLib::structure_to_webhelp) where an eval() is used with user-controlled input, enabling PHP Object Injection when feature_create_webhelp is enabled. Impact is high (C, I, A) p...
PT-2023-18727 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 24.2. Description: The issue allows PHP Object Injection in lib/importer/tikiimporter_blog_wordpress.php by an admin due to an unserialize call. Recommendations: For versions prior to 24.2, update to version 24.2 or late...
PT-2023-18726 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 24.1. Description: The issue allows PHP Object Injection in lib/sheet/grid.php due to an unserialize call when the Spreadsheets feature is enabled. Recommendations: For versions prior to 24.1, update to version 24.1 or...
CVE-2023-22851
Tiki Wiki CMS Groupware before 24.2 is vulnerable to PHP Object Injection via lib/importer/tikiimporter_blog_wordpress.php when an admin triggers an unserialize call during WordPress import. CVE-2023-22851 details an object injection flaw that can lead to arbitrary PHP object creation within appl...
WordPress HUSKY Plugin < 1.3.2 is vulnerable to PHP Object Injection
Software: HUSKY; Type: Plugin; Vulnerable versions: 1.3.2; Fixed in: 1.3.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2022-4489; Patch priority: Low; CVSS severity: Low 4.4; PSID: acfadb3bf3ab; Credits: thinhnguyen1337; Required privilege: Administrator...
WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC: 1. To simulate a gadget chain, put the following code in a plugin: `class Evil { public function __wakeup() : void`...
WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 1. To simulate a gadget chain, put the following code in a plugin: `class Evil { public function __wakeup() : void`...
CVE-2022-47083
A PHP Object Injection vulnerability in the unserialize function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application...
Design/Logic Flaw
A PHP Object Injection vulnerability in the unserialize function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application...
Spitfire CMS Code Issue Vulnerability
Spitfire CMS is a system used to maintain the content of a website without handling the details of creating the website. A code issue vulnerability exists in Spitfire CMS version 1.0.475, which stems from its unsafe use of the unserialize function allowing attackers to implement PHP object...
Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection Vulnerability
Tiki Wiki CMS Groupware input type="fi...
PT-2023-15157 · Unknown · Spitfire Cms
Name of the Vulnerable Software and Affected Versions: Spitfire CMS version 1.0.475. Description: A PHP Object Injection issue in the unserialize function allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. Recommendations: For Spitfire CMS...