| Название | Aidigu <=1.8.2 PHP object deserialization |
|---|
| Описание | Aidigu (≤1.8.2) suffers from an arbitrary PHP object deserialization vulnerability in application/common.php, where untrusted cookie data is unserialized without validation. Attackers can exploit this to achieve remote code execution on the server by sending a specially crafted serialized payload in the rememberMe cookie. |
|---|
| Источник | ⚠️ https://note-hxlab.wetolink.com/share/Bon2P1OSuNDc |
|---|
| Пользователь | YELEIPENG (UID 73615) |
|---|
| Представление | 03.07.2025 05:36 (10 месяцы назад) |
|---|
| Модерация | 07.07.2025 15:26 (4 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 315165 [lty628 Aidigu до 1.8.2 PHP Object /application/common.php checkUserCookie rememberMe эскалация привилегий] |
|---|
| Баллы | 19 |
|---|