CVE-2025-34292
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \\RoxPostHandler::getCallbackAction and the 'memory cookie' read b...