1305 matches found

NVD
added 2018/04/13 5:29 a.m. | 20 views

CVE-2018-10085

CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

9.8 CVSS | 9.7 AI score | 0.03926 EPSS
Exploits: 1 | References: 1
CVE
added 2018/04/13 5:0 a.m. | 46 views

CVE-2018-10085

CMS Made Simple (CMSMS)

9.8 CVSS | 9.6 AI score | 0.03926 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2018/04/13 5:0 a.m. | 14 views

CVE-2018-10085

CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

9.7 AI score | 0.03926 EPSS
Exploits: 1 | References: 1
WPVulnDB
added 2018/03/02 12:0 a.m. | 12 views

WP Job Manager <= 1.29.2 - Unauthenticated Object Injection

Preauth PHP Object injection - a non-authenticated attacker could supply his own payload and get the system to perform unserialize over its data...

3.4 AI score
Exploits: 0 | References: 4 | Affected Software: 1
WPVulnDB
added 2018/02/28 12:0 a.m. | 12 views

Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection

Usage of unserialize on user input in the saving request of the orders leads to PHP object injection vulnerability. PoC Send POST request to "URL/wp-admin/admin-ajax.php" with parameters "action=update-taxonomy-order=SERIALIZED-OBJECT"...

2.8 AI score
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2018/01/24 12:0 a.m. | 44 views

Kaltura Remote PHP Code Execution

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Name: 'Kaltura Remote PHP Code Execution over Cookie'. Description: This module exploits an Object Injection vulnerability in Kaltura. By exploiti...

7.5 CVSS | 9.2 AI score | 0.75497 EPSS
Exploits: 12
0day.today
added 2017/12/19 12:0 a.m. | 40 views

Tuleap 9.6 Second-Order PHP Object Injection Exploit

This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap. Name: 'Tuleap 9.6 Second-Order PHP Object Injection'. Description: This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to...

6.5 CVSS | 9.2 AI score | 0.66632 EPSS
Exploits: 6
OpenVAS
added 2017/12/18 12:0 a.m. | 45 views

vBulletin <= 5.3.4 Arbitrary File Deletion And RCE Vulnerabilities

vBulletin is prone to arbitrary file deletion and remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

9.8 CVSS | 9 AI score | 0.14912 EPSS
Exploits: 6 | References: 2
CNVD
added 2017/12/15 12:0 a.m. | 4 views

vBulletin 'cacheTemplates' Remote Arbitrary File Deletion Vulnerability

vBulletin is an open source commercial web forum program. A remote arbitrary file deletion vulnerability exists in vBulletin 'cacheTemplates', which stems from the program failing to securely use the 'cacheTemplates' function in vBLibraryTemplate's 'unserialize' function in vBLibraryTemplate. An...

9.8 CVSS | 7.3 AI score | 0.14912 EPSS
Exploits: 6 | References: 1
Prion
added 2017/12/14 12:29 a.m. | 21 views

Deserialization of untrusted data

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize in vBLibraryTemplate's cacheTemplates function, which is a publicly exposed AP...

7.5 CVSS | 9.5 AI score | 0.14912 EPSS
Exploits: 6 | References: 2 | Affected Software: 1
NVD
added 2017/12/14 12:29 a.m. | 22 views

CVE-2017-17672

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize in vBLibraryTemplate's cacheTemplates function, which is a publicly exposed AP...

9.8 CVSS | 9.6 AI score | 0.14912 EPSS
Exploits: 6 | References: 2
seebug.org
added 2017/12/14 12:0 a.m. | 57 views

vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion (CVE-2017-17672)

Vulnerability Summary: The following advisory describes an unauthenticated deserialization vulnerability that leads to arbitrary delete files and, under certain circumstances, code execution found in vBulletin version 5. vBulletin, also known as vB, is “a widespread proprietary Internet forum...

9.9 AI score | 0.14912 EPSS
Exploits: 6
0day.today
added 2017/12/14 12:0 a.m. | 53 views

vBulletin 5 cacheTemplates Unauthenticated Remote Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications. Vulnerability Summary: The following advisory describes an unauthenticated deserialization vulnerability that leads to arbitrary delete files and, under certain circumstances, code execution found in vBulletin version 5. vBulletin, also known as...

7.5 CVSS | 0.1 AI score | 0.14912 EPSS
Exploits: 6
CVE
added 2017/12/14 12:0 a.m. | 81 views

CVE-2017-17672

CVE-2017-17672 affects vBulletin

9.8 CVSS | 9.5 AI score | 0.14912 EPSS
Exploits: 6 | References: 2 | Affected Software: 1
Cvelist
added 2017/12/14 12:0 a.m. | 24 views

CVE-2017-17672

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize in vBLibraryTemplate's cacheTemplates function, which is a publicly exposed AP...

9.7 AI score | 0.14912 EPSS
Exploits: 6 | References: 2
UbuntuCve
added 2017/11/15 4:29 p.m. | 28 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

8.8 CVSS | 7.5 AI score | 0.01672 EPSS
Exploits: 0 | References: 2
Prion
added 2017/11/15 4:29 p.m. | 22 views

Design/Logic Flaw

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

6.5 CVSS | 7.7 AI score | 0.01672 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2017/11/15 4:0 p.m. | 24 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

8.7 AI score | 0.01672 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2017/11/15 4:0 p.m. | 31 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

8.8 CVSS | 8.8 AI score | 0.01672 EPSS
Exploits: 0
Metasploit
added 2017/11/01 3:9 p.m. | 29 views

Tuleap 9.6 Second-Order PHP Object Injection

This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap. Name: 'Tuleap 9.6 Second-Order PHP Object Injection'. Description: This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute...

8.8 CVSS | 7.8 AI score | 0.66632 EPSS
Exploits: 6