Lucene search
Veracode Vulnerability DatabaseVERACODE:37556HistoryOct 14, 2022 - 3:23 a.m.
Deserialization Of Untrusted Data
2022-10-1403:23:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
melis-cms
untrusted data
deserialization
vulnerability
unserialize
php
0.004 Low
EPSS
Percentile
73.9%
Melis-cms is vulnerable to untrusted data deserialization. The vulnerability exists in multiple functions due to adding allowed_classes=false parameter to the unserialize function, which allows an attacker to execute arbitrary PHP code on the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| melisplatform/melis-cms | le | v5.0.0 | |
| melisplatform/melis-cms | le | v5.0.0 |
Related
github
github
melisplatform/melis-cms vulnerable to deserialization of untrusted data
2022-10-11 20:45:54
cve
cve
CVE-2022-39297
2022-10-12 23:15:09
nvd
nvd
CVE-2022-39297
2022-10-12 23:15:09
prion
prion
Authentication flaw
2022-10-12 23:15:00
osv
osv
CVE-2022-39297
2022-10-12 23:15:09
melisplatform/melis-cms vulnerable to deserialization of untrusted data
2022-10-11 20:45:54
cvelist
cvelist
CVE-2022-39297 Deserialization of untrusted data in MelisCms
2022-10-12 00:00:00