| Titel | Aidigu <=1.8.2 PHP object deserialization |
|---|
| Beschreibung | Aidigu (≤1.8.2) suffers from an arbitrary PHP object deserialization vulnerability in application/common.php, where untrusted cookie data is unserialized without validation. Attackers can exploit this to achieve remote code execution on the server by sending a specially crafted serialized payload in the rememberMe cookie. |
|---|
| Quelle | ⚠️ https://note-hxlab.wetolink.com/share/Bon2P1OSuNDc |
|---|
| Benutzer | YELEIPENG (UID 73615) |
|---|
| Einreichung | 03.07.2025 05:36 (vor 10 Monaten) |
|---|
| Moderieren | 07.07.2025 15:26 (4 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 315165 [lty628 Aidigu bis 1.8.2 PHP Object /application/common.php checkUserCookie rememberMe erweiterte Rechte] |
|---|
| Punkte | 19 |
|---|