3587 matches found

OSV
added 2021/01/01 2:15 a.m., 2 views

CVE-2020-35938

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be...

CVSS 8.8, AI score 5.9, EPSS 0.01341
Exploits 1, References 1
Cvelist
added 2021/01/01 1:25 a.m., 14 views

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

CVSS 7.5, AI score 8.8, EPSS 0.01399
Exploits 1, References 1
NVD
added 2020/12/31 9:15 p.m., 10 views

CVE-2020-26165

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used...

CVSS 8.8, AI score 8.9, EPSS 0.01126
Exploits 2, References 3
OSV
added 2020/12/31 9:15 p.m., 3 views

CVE-2020-26165

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used...

CVSS 8.8, AI score 5.8, EPSS 0.01126
Exploits 2, References 3
Prion
added 2020/12/31 9:15 p.m., 8 views

Design/Logic Flaw

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used...

CVSS 6.5, AI score 8.9, EPSS 0.01126
Exploits 2, References 3, Affected Software 1
Cvelist
added 2020/12/31 8:38 p.m., 11 views

CVE-2020-26165

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used...

AI score 9, EPSS 0.01126
Exploits 2, References 3
CVE
added 2020/12/31 8:38 p.m., 78 views

CVE-2020-26165

CVE-2020-26165 affects qdPM through v9.1, where PHP object injection is possible via timeReportActions::executeExport due to using unserialize on user-supplied input. This vulnerability stems from unserialize on the export parameter, enabling injection attacks that can lead to code execution or o...

CVSS 8.8, AI score 8.8, EPSS 0.01126
Exploits 2, References 3, Affected Software 1
Packet Storm
added 2020/12/31 12:00 a.m., 300 views

qdPM 9.1 PHP Object Injection

-------------------------------------------------------------- qdPM ->getParameter('format'); 299. $filename = $request->getParameter('filename'); 300. 301. $export = unserialize($request->getParameter('export')); User input passed through the "export" request parameter is not properly sanitized before being...

AI score 0.1, EPSS 0.01126
Exploits 2
CNNVD
added 2020/12/31 12:00 a.m., 2 views

qdPM code injection vulnerability

qdPM is a free web-based open source project management tool for small teams, written on the Symfony framework. qdPM 9.1 and earlier versions have a PHP object injection vulnerability. An attacker can exploit this vulnerability by using timeReportActions::executeExport in...

CVSS 8.8, AI score 5.8, EPSS 0.01126
Exploits 2, References 4
WPVulnDB
added 2020/12/29 12:00 a.m., 14 views

Newsletter Manager <= 1.5.1 - Unauthenticated Insecure Deserialisation

The plugin is affected by an insecure deserialisation issue, which could lead to an unauthenticated PHP object injection when a suitable gadget chain is present...

AI score 2.8
Exploits 0, References 1, Affected Software 1
Hacker One
added 2020/12/20 5:38 p.m., 75 views

Concrete CMS: Phar Deserialization Vulnerability via Logging Settings

Vulnerability Description: The vulnerable code is located within the concrete/controllers/singlepage/dashboard/system/environment/logging.php script, specifically in the Logging::updatelogging method: public function updatelogging() { $config = $this->app->make('config'); $request = $this->request; if...

CVSS 6.5, AI score 7.6, EPSS 0.01543
Exploits 1
WPVulnDB
added 2020/12/08 12:00 a.m., 22 views

WP Hotel Booking <= 1.10.3 - Unauthenticated PHP Object Injection

The plugin unserialised the value of the thimpresshotelbooking1 cookie without sanitisation, which could lead to an unauthenticated PHP Object Injection. If the plugin is installed on WP 5.5.2, there is a suitable gadget chain to obtain RCE; otherwise, another gadget chain will have to be us...

CVSS 7.5, AI score 1.4, EPSS 0.8462
Exploits 2, References 1, Affected Software 1
WPVulnDB
added 2020/11/10 12:00 a.m., 11 views

Ultimate Reviews < 2.1.33 - Unauthenticated PHP Object Injection

There were three occurrences in the plugin where an unauthenticated user could inject a serialized PHP object via a cookie, which could potentially lead to a PHP object injection vulnerability...

AI score 2.9
Exploits 0, References 2, Affected Software 1
Patchstack
added 2020/11/05 12:00 a.m., 28 views

WordPress Welcart e-Commerce plugin <= 1.9.35 - Authenticated PHP Object Injection vulnerability

Authenticated PHP Object Injection vulnerability found by Ramuel Gall in WordPress Welcart e-Commerce plugin versions <= 1.9.35. Solution: Update the WordPress Welcart e-Commerce plugin to the latest available version, at least 1.9.36...

CVSS 8.8, AI score 2.9, EPSS 0.00848
Exploits 1, References 2, Affected Software 1
WPVulnDB
added 2020/11/05 12:00 a.m., 21 views

Welcart e-Commerce < 1.9.36 - Authenticated PHP Object Injection

The plugin unserialises via uscesunserialize the content of the uscescookie cookie, which could lead to a PHP Object Injection issue...

CVSS 6.5, AI score 3.1, EPSS 0.00848
Exploits 1, References 1, Affected Software 1
Github Security Blog
added 2020/10/30 5:06 p.m., 44 views

RCE via PHP Object injection via SOAP Requests

Impact: This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches: The latest OpenMage versions from 19.4.7 and 20.0.3 onward have this issue solved. Credits: Credit to Luke Rodgers for...

CVSS 8, AI score 4.1, EPSS 0.0087
Exploits 0, References 5, Affected Software 1
OSV
added 2020/10/30 5:06 p.m., 20 views

GHSA-JRGF-VFW2-HJ26 RCE via PHP Object injection via SOAP Requests

Impact: This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches: The latest OpenMage versions from 19.4.7 and 20.0.3 onward have this issue solved. Credits: Credit to Luke Rodgers for...

CVSS 8, AI score 7.4, EPSS 0.0087
Exploits 0, References 4
Veracode
added 2020/10/29 9:46 p.m., 25 views

PHP Object Injection

gosa is vulnerable to PHP object injection. The vulnerability allows a remote authenticated attacker to perform file deletions in the context of the web server's worker process using a malicious cookie value. This is due to a lack of validation when deserializing the cookie value to restore filter...

CVSS 6.5, AI score 4, EPSS 0.00226
Exploits 0, References 2, Affected Software 1
Veracode
added 2020/10/22 6:13 a.m., 18 views

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution (RCE). The vulnerability exists because an admin user can generate SOAP credentials that can be used to cause RCE through a PHP Object Injection flaw in the product attributes...

CVSS 8, AI score 3.6, EPSS 0.0087
Exploits 0, References 3, Affected Software 1
OSV
added 2020/10/21 8:15 p.m., 14 views

CVE-2020-15244

In Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVSS 7.2, AI score 7
Exploits 0, References 3