1318 matches found

Cvelist
added 2023/01/31 11:54 p.m. · 60 views

CVE-2023-23924 URI validation failure on SVG parsing in Dompdf

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...

CVSS 10 · AI score 9.7 · EPSS 0.03572
Exploits 2 · References 3
Friends Of PHP
added 2023/01/31 2:30 p.m. · 30 views

Dompdf vulnerable to URI validation failure on SVG parsing

Summary: The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This might lead to arbitrary object unserialize on PHP tags, in src/Image/Cache.php: if $type === "svg" $parser = xml_parser_create("utf-8"); xml_parser_set_option($parser, ...

CVSS 10 · AI score 9.4 · EPSS 0.03572
Exploits 2 · Affected Software 1
Cvelist
added 2023/01/23 2:31 p.m. · 36 views

CVE-2022-4323 Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.2 · EPSS 0.01046
Exploits 2 · References 1
Cvelist
added 2023/01/23 2:31 p.m. · 33 views

CVE-2022-3425 Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.3 · EPSS 0.01046
Exploits 2 · References 1
CNNVD
added 2023/01/16 12:00 a.m. · 4 views

WordPress plugin Anti-Malware Security and Brute-Force Firewall code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

AI score 5.7
Exploits 1 · References 2
OSV
added 2023/01/14 2:15 a.m. · 12 views

CVE-2023-22851

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call...

CVSS 7.2 · AI score 7.3
Exploits 0 · References 2
NVD
added 2023/01/14 2:15 a.m. · 32 views

CVE-2023-22850

Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call...

CVSS 8.8 · AI score 8.9 · EPSS 0.01168
Exploits 3 · References 2
Prion
added 2023/01/14 2:15 a.m. · 22 views

Code injection

Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call...

CVSS 6.5 · AI score 8.9 · EPSS 0.01168
Exploits 3 · References 2 · Affected Software 1
Prion
added 2023/01/14 2:15 a.m. · 22 views

Code injection

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call...

CVSS 5.8 · AI score 7.2 · EPSS 0.01048
Exploits 3 · References 2 · Affected Software 1
CVE
added 2023/01/14 12:00 a.m. · 54 views

CVE-2023-22851

Tiki Wiki CMS Groupware before 24.2 is vulnerable to PHP Object Injection via lib/importer/tikiimporter_blog_wordpress.php when an admin triggers an unserialize call during WordPress import. CVE-2023-22851 details an object injection flaw that can lead to arbitrary PHP object creation within appl...

CVSS 7.2 · AI score 7.1 · EPSS 0.01048
Exploits 3 · References 2 · Affected Software 1
Cvelist
added 2023/01/14 12:00 a.m. · 40 views

CVE-2023-22850

Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call...

AI score 9.2 · EPSS 0.01168
Exploits 3 · References 2
ATTACKERKB
added 2023/01/10 5:15 p.m. · 4 views

CVE-2022-47083

A PHP Object Injection vulnerability in the unserialize function of Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code by sending crafted requests to the web application...

CVSS 8.8 · AI score 7.8 · EPSS 0.18233
Exploits 2 · References 2
CNNVD
added 2023/01/10 12:00 a.m. · 4 views

Spitfire CMS code issue vulnerability

Spitfire CMS is a system used to maintain the content of a website without handling the details of creating the website. A code issue vulnerability exists in Spitfire CMS version 1.0.475, which stems from its unsafe use of the unserialize function allowing attackers to implement PHP object...

CVSS 8.8 · AI score 8 · EPSS 0.18233
Exploits 2 · References 2
Positive Technologies
added 2023/01/10 12:00 a.m. · 4 views

PT-2023-15157 · Unknown · Spitfire Cms

Name of the Vulnerable Software and Affected Versions: Spitfire CMS version 1.0.475 Description: A PHP Object Injection issue in the unserialize function allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. Recommendations: For Spitfire CMS...

CVSS 8.8 · AI score 8.8 · EPSS 0.18233
Exploits 2 · References 4
Packet Storm
added 2023/01/10 12:00 a.m. · 236 views

Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection

---------------------------------------------------------------------------------------------------- Tiki Wiki CMS Groupware input type="...

AI score 7.2 · EPSS 0.01048
Exploits 3
Cvelist
added 2023/01/09 10:13 p.m. · 25 views

CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.3 · EPSS 0.17686
Exploits 2 · References 1
WPVulnDB
added 2023/01/02 12:00 a.m. · 20 views

Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC: To simulate a gadget chain, put the following code in a plugin: class Evil { public function __wakeup(): void ...

CVSS 7.2 · AI score 0.8 · EPSS 0.01046
Exploits 2 · Affected Software 1
OSV
added 2022/12/26 1:15 p.m. · 2 views

CVE-2022-4120

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64-encoded user input to the unserialize PHP function when a CAPTCHA is used as the second challenge, which could lead to PHP Object Injection if a plugin installed on the blog has a suitable gadge...

CVSS 9.8 · AI score 5.8 · EPSS 0.18121
Exploits 2 · References 1
Prion
added 2022/12/26 1:15 p.m. · 14 views

Code injection

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64-encoded user input to the unserialize PHP function when a CAPTCHA is used as the second challenge, which could lead to PHP Object Injection if a plugin installed on the blog has a suitable gadge...

CVSS 7.5 · AI score 9.5 · EPSS 0.18121
Exploits 2 · References 1 · Affected Software 1
CNNVD
added 2022/12/26 12:00 a.m. · 4 views

WordPress Plugin Stop Spammers Security code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 9.8 · AI score 8.4 · EPSS 0.18121
Exploits 2 · References 2