2 matches found
CVE-2018-1000526
The CVE-2018-1000526 entry concerns OpenPSA with an XML Injection vulnerability in the RSS upload feature, caused by a vulnerable XML processing path. The related Veracode document notes that openpsa/midcom uses an outdated PHP version and calls the insecure method xml_parse_into_struct, which ca...
CVE-2018-1000525
OpenPSA is affected by a PHP Object Injection vulnerability in form data passed as GET variables, allowing a crafted GET request to serialize a PHP object and potentially disclose information or achieve remote code execution. The issue arises from unsafe deserialization, enabling arbitrary code e...