Prion
added 2020/10/21 8:15 p.m. (16 views)

Code injection

In the Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVSS 6.5 | AI score 7 | EPSS 0.0087
Exploits 0 | References 3 | Affected software 1
Patchstack
added 2020/10/05 12:00 a.m. (9 views)

WordPress Post Grid plugin <= 2.0.72 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Ramuel Gall (Wordfence) in WordPress Post Grid plugin versions <= 2.0.72. Solution: update the WordPress Post Grid plugin to the latest available version (at least 2.0.73)...

AI score 2.2
Exploits 0 | References 2 | Affected software 1
ThreatPost
added 2020/08/04 6:11 p.m. (132 views)

Newsletter WordPress Plugin Opens Door to Site Takeover

Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress...

EPSS 0.25485
Exploits 0 | References 9
OpenVAS
added 2020/08/04 12:00 a.m. (21 views)

WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities

The WordPress plugin Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

CVSS 8.8 | AI score 6.9 | EPSS 0.0098
Exploits 2 | References 2
WPVulnDB
added 2020/08/03 12:00 a.m. (24 views)

Newsletter < 6.8.2 - Authenticated PHP Object Injection

The 'restore_options_from_request' function, called by the AJAX function 'tnpc_render_callback', runs 'unserialize' directly on $options['inline_edits'], which is provided by user input in the $_POST['options'] parameter. This creates the potential for an Object Injection vulnerability. For example, a user...

CVSS 6 | AI score 2.4 | EPSS 0.0098
Exploits 1 | References 1 | Affected software 1
OSV
added 2020/07/22 8:15 p.m. (1 view)

CVE-2020-9664

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.8 | AI score 6 | EPSS 0.16149
Exploits 0 | References 1
NVD
added 2020/07/22 8:15 p.m. (12 views)

CVE-2020-9664

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.8 | AI score 9.7 | EPSS 0.16149
Exploits 0 | References 1
CVE
added 2020/07/22 7:23 p.m. (63 views)

CVE-2020-9664

CVE-2020-9664 affects Magento Open Source 1.x and Commerce 1.x, with versions 1.14.4.5 and earlier and 1.9.4.5 and earlier vulnerable to PHP object injection that could lead to arbitrary code execution. Multiple sources (NVD, Red Hat, GHSA advisories, OSV, CNVD, and OpenVAS) corroborate the issue...

CVSS 9.8 | AI score 9.7 | EPSS 0.16149
Exploits 0 | References 1 | Affected software 1
EUVD
added 2020/07/22 7:23 p.m. (4 views)

EUVD-2022-2092

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.8 | AI score 9.7 | EPSS 0.16149
Exploits 0 | References 2
Hacker One
added 2020/07/11 10:02 p.m. (57 views)

Concrete CMS: Arbitrary File delete via PHAR deserialization

crayons: Concrete5 Arbitrary File delete via PHAR deserialization - Target: Concrete5 - Version: 8.5.4 (latest as of 2020-07-12) / PHP 7.2 - Credit: WSP Lab@KAIST - Contact: [email protected] TL;DR - An attacker can send an arbitrary input value to the is_dir function, which causes a PHAR...

CVSS 6.4 | AI score 9.9 | EPSS 0.00681
Exploits 0
OpenVAS
added 2020/06/29 12:00 a.m. (46 views)

Magento 1 Multiple Vulnerabilities (APSB20-41)

Magento 1 is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.8 | AI score 8 | EPSS 0.16149
Exploits 0 | References 1
NVD
added 2020/06/20 1:15 p.m. (11 views)

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct, and any...

CVSS 8.8 | EPSS 0.00657
Exploits 0 | References 1
UbuntuCve
added 2020/06/20 1:15 p.m. (23 views)

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct, and any...

CVSS 8.8 | AI score 7.2 | EPSS 0.00657
Exploits 0 | References 2
Prion
added 2020/06/20 1:15 p.m. (16 views)

Design/Logic Flaw

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct, and any...

CVSS 6.5 | AI score 8.9 | EPSS 0.00657
Exploits 0 | References 1 | Affected software 1
CVE
added 2020/06/20 12:07 p.m. (68 views)

CVE-2020-14933

CVE-2020-14933 affects SquirrelMail 1.4.22. compose.php calls unserialize on the $attachments value derived from HTTP POST data, enabling an unsafe deserialization path. The vendor disputes that the required PHP object-injection conditions are met (presence of a PHP magic method and attack-relevan...

CVSS 8.8 | AI score 9.4 | EPSS 0.00657
Exploits 0 | References 1 | Affected software 1
Cvelist
added 2020/06/20 12:07 p.m. (18 views)

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct, and any...

AI score 8.9 | EPSS 0.00657
Exploits 0 | References 1
0day.today
added 2020/06/19 12:00 a.m. (139 views)

Agent Tesla Panel Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018...

AI score 9.2
Exploits 0
Packet Storm
added 2020/06/18 12:00 a.m. (562 views)

Agent Tesla Panel Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Agent Tesla Panel Remote Code Execution', 'Description' => %q This module exploits a command injection vulnerability within the Agent Tesla contro...

AI score 0.3
Exploits 0
Metasploit
added 2020/06/16 3:47 p.m. (32 views)

Agent Tesla Panel Remote Code Execution

This module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be...

AI score 9.2
Exploits 0
Veracode
added 2020/04/30 4:04 a.m. (22 views)

PHP Object Injection

intelliants/subrion is vulnerable to PHP object injection. The vulnerability exists through the serialized data in the subpages value within admin/blocks.php to block/edit...

CVSS 6.5 | AI score 2.9 | EPSS 0.00225
Exploits 1 | References 1 | Affected software 1