4 matches found
GHSA-WHV5-4Q2F-Q68G OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2
Description: The oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skippermissions = true). It loads a record from the zzoauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize on the accesstoken field without any...
Exploit for Improper Input Validation in Typo3
TYPO3 CVE-2020-15099 — Unauthenticated RCE PHP Object Injecti...
Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
Description: The plugin unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog. Step 1: Add the following code to the end of the file located at...
Exploit for Deserialization of Untrusted Data in Laravel
Laravel Remote Code Execution when APPKEY is leaked PoC CVE-...