1305 matches found
CVE-2022-3374
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
CVE-2022-3380
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3357 Smart Slider 3 < 3.5.1.11 - PHP Object Injection
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious file and a suitable gadget chain is present on the site...
CVE-2022-3335
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...
Deserialization Of Untrusted Data
Melis-cms is vulnerable to untrusted data deserialization. The vulnerability exists in multiple functions due to adding the allowed_classes=false parameter to the unserialize function, which allows an attacker to execute arbitrary PHP code on the system...
PublishPress Capabilities < 2.5.2 - Admin+ PHP Object Injection
The plugin unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. PoC To simulate a...
Remote Code Execution
laravel/laravel is vulnerable to remote code execution. The vulnerability exists due to an insecure deserialization of trusted data, which allows an attacker to inject malicious code via an unserialize POP chain...
Malicious code in unserialize (npm)
Source: ghsa-malware 0d081fc5748d5e5602e110a26b4335cb28e7f79efb601ad4fba6e53e94635ad3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6796 Malicious code in unserialize (npm)
Source: ghsa-malware 0d081fc5748d5e5602e110a26b4335cb28e7f79efb601ad4fba6e53e94635ad3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ThinkAdmin insecure unserialize vulnerability
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
GHSA-4VP2-MJ4M-69M4 ThinkAdmin insecure unserialize vulnerability
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...
GHSA-7M7G-JQ4M-98W5 Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...
GHSA-47WW-MQ32-G4XW TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...
TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...
GHSA-M4HW-R893-XH4G TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...
Laravel Framework RCE Vulnerability
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
GHSA-QVQM-H22R-4CP9 Laravel Framework RCE Vulnerability
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...