Submit #608209: Aidigu <=1.8.2 PHP object deserializationinfo

TitleAidigu <=1.8.2 PHP object deserialization
DescriptionAidigu (≤1.8.2) suffers from an arbitrary PHP object deserialization vulnerability in application/common.php, where untrusted cookie data is unserialized without validation. Attackers can exploit this to achieve remote code execution on the server by sending a specially crafted serialized payload in the rememberMe cookie.
Source⚠️ https://note-hxlab.wetolink.com/share/Bon2P1OSuNDc
User
 YELEIPENG (UID 73615)
Submission07/03/2025 05:36 (10 months ago)
Moderation07/07/2025 15:26 (4 days later)
StatusAccepted
VulDB entry315165 [lty628 Aidigu up to 1.8.2 PHP Object /application/common.php checkUserCookie rememberMe deserialization]
Points19

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!