| عنوان | viames Pair Framework <=1.9.11 PHP Object Injection |
|---|
| الوصف | Pair Framework has a PHP Object Injection vulnerability as a result of Deserialization of Untrusted Data.
(POP/) Gadget Chains exist in Pair Framework (and its libraries) which allow Object Injection vulnerabilities to be exploited, for example to write arbitrary files. Other attacks may be possible depending on what additional code is used in a given project.
Exploitation of the vulnerability does not require authentication and can be achieved by a single GET request. |
|---|
| المصدر | ⚠️ https://gist.github.com/mcdruid/1997e10026833d2d1f3e359d75b5912a |
|---|
| المستخدم | mcdruid (UID 79710) |
|---|
| ارسال | 06/03/2025 10:03 PM (1 سنة منذ) |
|---|
| الاعتدال | 16/03/2025 02:25 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 299875 [viames Pair Framework حتى 1.9.11 PHP Object /src/UserRemember.php getCookieContent cookieName تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|