3587 matches found
CS-Cart add-on "Twigmo" vulnerable to PHP object injection
Overview: CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A remote...
JVN#55389065: CS-Cart add-on "Twigmo" vulnerable to PHP object injection
CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Edit twigmo.php. This vulnerability can be addressed by deleting or commenting out the following part...
SugarCRM REST Unserialize PHP Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This module exploits a PHP Object Injection vulnerability in...
Malware Information Sharing Platform PHP Object Injection Vulnerability
The Malware Information Sharing Platform (MISP) is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and analyzing cybersecurity events and malware. A PHP object injection vulnerability exists in versions of MISP prior to 2.3.90. A remote...
CVE-2015-5721
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp...
CVE-2015-5721
The vulnerability CVE-2015-5721 affects Malware Information Sharing Platform (MISP) before 2.3.90. A PHP object injection flaw exists via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. Remote attackers could exploit this to execute cod...
Unauthenticated remote code execution vulnerability exists in Drupal coder module - vulnerability warning - the black bar safety net
In a review of the coder module's code security while looking at Drupal Security Advisory SA-CONTRIB-2016-039, I found an unauthenticated remote code execution vulnerability. The vulnerability affects Drupal coder module versions including 7.x-1.3 and 7.x-2.6 all of the following...
CVE-2016-4825
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data...
Design/Logic Flaw
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data...
CVE-2016-4825
The CVE-2016-4825 issue affects the WordPress plugin Welcart e‑Commerce (Collne Welcart) prior to version 1.8.3. Affected component: PHP unserialization in the plugin’s handling of serialized data, enabling PHP object injection and arbitrary code execution by a remote attacker. The vulnerability ...
Welcart e-Commerce < 1.8.3 - PHP Object Injection
The Welcart e-Commerce WordPress plugin was affected by a PHP Object Injection security vulnerability...
JVN#47363774: WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection
WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Update the Software. Update to the latest version according to the information provided ...
Magento 2.0.6 Unserialize Remote Code Execution
This module exploits a PHP object injection vulnerability in Magento 2.0.6 or prior. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Magento 2.0.6 Unserialize Remote Code Execution',...
WordPress Ninja Forms Plugin PHP Object Injection Hole
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. Ninja Forms is one of its form plug-ins. A security vulnerability exists in the WordPress Ninja Forms plugi...
WordPress Collne Welcart e-Commerce Plugin <= 1.8.2 - SQL Injection
This vulnerability allows an attacker to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. Solution: Update the plugin...
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...
Design/Logic Flaw
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...