3579 matches found
Realworld-for-Application_FUGIO_FirstFrameworkFuzzingDetectPOI
FUGIO Production Guide Introduction FUGIO is the firs...
CVE-2023-4971
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...
CVE-2018-10085
CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...
CVE-2018-1000059
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system...
CVE-2016-10753
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...
CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
CVE-2017-18605
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...
CVE-2017-18375
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php...
CVE-2019-20452
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
CVE-2019-20453
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...
CVE-2020-12469
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
CVE-2023-4402
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...
CVE-2023-4386
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...
CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...
CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...
CVE-2025-67911
CVE-2025-67911 describes a Deserialization of Untrusted Data vulnerability in the Tribulant Software Newsletters newsletters-lite plugin. The WordPress/newsletters entry states unauthenticated Object Injection via deserialization, affecting Newsletters: from n/a through
CVE-2025-47552 WordPress DZS Video Gallery plugin <= 12.37 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37...
CVE-2024-2017
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...