Design/Logic Flaw
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress...
CVE-2022-33900 WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress...
Easy Digital Downloads < 3.0.2 - Admin+ PHP Object Injection
The plugin does not validate user input before unserialising it, which could allow high privilege users to perform PHP Object Injection attacks...
WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability was discovered by Robert Rowley (Patchstack) in the WordPress Easy Digital Downloads plugin (versions <= 3.0.1). Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0.2)...
CVE-2022-2444 Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
WordPress plugin Feed Them Social code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Feed Them...
WordPress Ninja Forms plugin <= 3.6.10 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered in WordPress Ninja Forms plugin (versions <= 3.6.10). Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.11)...
Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection
The plugin does not validate merge tags provided in the request, which could allow unauthenticated attackers to call any static method present in the blog. One from the plugin in particular could allow for PHP Object Injection when a suitable gadget is also present on the blog. Attackers have bee...
Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
GHSA-2P2X-MW56-JC98 Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
GHSA-RF8F-HQJV-986P Shopware Insecure Deserialization Vulnerability
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code...
CVE-2022-24108
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted...
GHSA-G7PJ-3V97-3VXP Pimcore Vulnerable to PHP Object Injection Attacks
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
Pimcore Vulnerable to PHP Object Injection Attacks
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
GHSA-74MF-VJPG-9XH7 Slim vulnerable to PHP object injection
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...
Slim vulnerable to PHP object injection
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...
Symfony Arbitrary PHP code Execution
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allow remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...
CodeIgniter and Kohana vulnerable to PHP Object Injection
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...