GHSA-7HQR-J26M-GMWP Pimcore Unserialize Remote Code Execution

An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to...

Pimcore Unserialize Remote Code Execution

An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to...

Deserialization Of Untrusted Data

topthink/framework is vulnerable to deserialization of untrusted data. The vulnerability exists in unserialize function in Driver.php due to the use of string type as the method parameter which allows an attacker to control the state or the flow of the execution...

CVE-2021-23592

The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...

Deserialization of untrusted data

The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...

CVE-2021-23592 Deserialization of Untrusted Data

The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

Design/Logic Flaw

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2021-21956

CVE-2021-21956 is a PHP deserialization vulnerability in CloudLinux Imunify360’s Ai-Bolit scanner (Imunify360 5.10.2). The issue arises in the Deobfuscator/decodedFileGetContentsWithFunc path where unsafely unserialized input can lead to arbitrary code execution. If Imunify360 is running with rea...

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

Remote Code Execution (RCE)

laravel/laravel is vulnerable to remote code execution. The vulnerability exists in destruct in PendingResourceRegistration.php, Manager.php, and ClosureWrapper.php which allows an attacker is able to inject malicious code via an unserialize pop chain...

GHSA-86R3-4GQ8-XW8Q Remote Code Execution in Laravel

Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description A Remote Code Execution RCE vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in 1 destruct in \Routing\PendingResourceRegistration.php, 2 cal in...

Remote Code Execution in Laravel

Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description A Remote Code Execution RCE vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in 1 destruct in \Routing\PendingResourceRegistration.php, 2 cal in...

CVE-2021-43503

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2021-43503

Removed by vendor...

PT-2022-11859 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: laravel version 5.8.38 Description: A Remote Code Execution issue exists via an unserialize pop chain in certain functions, including destruct in RoutingPendingResourceRegistration.php, call in QueueCapsuleManager.php, and invoke in...

CVE-2021-24950

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...

CVE-2021-24950 Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...

CVE-2021-24857

The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain...