gosa is vulnerable to PHP object injection. The vulnerability allows a remote authenticated attacker to perform file deletions in the context process worker of the web server using a malicious cookie value. This is due to lack of validation during deserializing of cookie value to restore filter settings.
CPE | Name | Operator | Version |
---|---|---|---|
gosa:xenial | eq | 2.7.4+reloaded2-9ubuntu1 |