13 matches found
EUVD-2022-2019
Malicious code in bioql PyPI...
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists in the defineForkConstants function in Kernel.php because the spoon library charset is not handled properly, which allows an attacker to inject and execute arbitrary JavaScript via the publishondate parameter...
Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
GHSA-2P2X-MW56-JC98 Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
Cross-site Scripting (XSS)
spoon/library is vulnerable to cross-site scripting (XSS) attacks. A specifically crafted string injected through form attribute placeholders allows remote attackers to execute malicious scripts...
Cross-site Scripting (XSS)
Overview: spoon/library is a PHP5 library used to build web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via getAttributesHTML in library/spoon/form/attributes.php due to lack of sanitization. In an affected application, an attacker could insert XSS...
Spoon Library Code Injection Vulnerability
Fork CMS is an open source content management system (CMS) developed in PHP. The system contains blogs, questions and answers, forms and other modules. It uses Spoon Library, a PHP library for building kickass Web applications. A code injection vulnerability exists in Spoon Library...
Remote Code Execution
spoon/library is vulnerable to remote code execution. Lack of validation of the cookie allows a remote attacker to submit a cookie containing malicious executable objects that will execute upon deserialization in the __wakeup magic method in spoon/cookie/cookie.php...
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
Code injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
CVE-2019-15521
CVE-2019-15521 affects Spoon Library up to 2014-02-06 as used in Fork CMS before 1.4.1 and other products. The vulnerability enables PHP object injection via a cookie containing a serialized object, allowing code execution upon deserialization in spoon/cookie/cookie.php. Public sources (Red Hat,...