CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

CVE-2025-66571

UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 are affected by a PHP object injection in BxBaseMenuSetAclLevel.php. The profile_id POST parameter is passed to PHP unserialize() without proper handling, enabling remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write...

PT-2025-49139

Name of the Vulnerable Software and Affected Versions UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 Description The software contains a PHP object injection issue in the BxBaseMenuSetAclLevel.php component. The profile id POST parameter is passed to the PHP unserialize function without sufficient...

Exploit for Code Injection in Foxcms

🌐 CVE-2025-29306 Critical Remote Code Execution RCE in Fo...

CVE-2025-34292

The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...

CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

CVE-2025-60641

CVE-2025-60641 affects Vfront 0.99.52. The issue is a vulnerable call in mexcel.php that does unserialize(base64_decode($_POST['mexcel'])) on user-controlled input, decoded from base64 and deserialized without validation or allowed_classes. This allows injection of arbitrary PHP objects, with pot...

CVE-2025-11345

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgradin...

EUVD-2009-4385

Malware in sbrugna...

EUVD-2021-11491

Malware in sbrugna...

EUVD-2017-8829

Malware in sbrugna...

EUVD-2019-18447

Malware in sbrugna...

EUVD-2020-18790

Malware in sbrugna...

EUVD-2020-0402

Malware in sbrugna...

EUVD-2020-12725

Malware in sbrugna...

EUVD-2021-20571

Malware in sbrugna...

EUVD-2021-11769

Malware in sbrugna...