3587 matches found
CVE-2018-10085
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...
Open Web Analytics Heap Buffer Overflow Vulnerability
Open Web Analytics (OWA) is a PHP and MySQL based open source web traffic statistics software from the Open Web Analytics team. The software can be used to track and analyze the websites and applications visited by users, and can be used with WordPress, MediaWiki integration. Open Web Analytics (OWA)...
CVE-2014-2293
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3)...
Design/Logic Flaw
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3)...
CVE-2014-2293
CVE-2014-2293 affects Zikula Application Framework prior to 1.3.7 build 11. The vulnerability arises from PHP object injection via crafted serialized data in index.php parameters: authentication_method_ser, authentication_info_ser, or zikulaMobileTheme. This can allow remote attackers to delete a...
Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection
Usage of unserialize on user input in the saving request of the orders leads to PHP object injection vulnerability. PoC Send POST request to "URL/wp-admin/admin-ajax.php" with parameters "action=update-taxonomy-order=SERIALIZED-OBJECT"...
CVE-2018-1000059
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system...
Design/Logic Flaw
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system...
CVE-2018-1000059
Summary: ValidFormBuilder 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method. The root cause is insecure deserialization, enabling possible remote command execution and disclosure of files. Affected product/version: ValidFormBuilder 4.5.4. Impact: unauthorise...
Design/Logic Flaw
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6195
CVE-2018-6195 affects the WordPress plugin wp-splashing-images prior to 2.1.1. An authenticated user (administrator, editor, or author) can exploit PHP Object Injection by sending crafted serialized data in the session parameter to wp-admin/upload.php, allowing remote code execution-like impact. ...
WordPress Splashing Images plugin <=2.1 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability found by Nicolas Buzy-Debat in WordPress Splashing Images plugin versions <=2.1. PHP Object Injection attack via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. Solution: Update the WordPress Splashing Images plugi...
PT-2018-17400 · WordPress · Wp-Splashing-Images
Name of the Vulnerable Software and Affected Versions: wp-splashing-images versions prior to 2.1.1 Description: The issue allows authenticated remote attackers, with roles such as administrator, editor, or author, to conduct PHP Object Injection attacks. This is achieved by sending crafted...
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
Product: WordPress Splashing Images Plugin - https://wordpress.org/plugins/wp-splashing-images/ Vendor: Studio Espresso Tested version: 2.1 CVE ID: CVE-2018-6194 :: CVE description :: A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the...