GHSA-5rv2-vvmf-f7w8

Опубликовано: 10 дек. 2023

Источник: github

Github: Прошло ревью

CVSS3: 6.3

Описание

PHPEMS Deserialization of Untrusted Data vulnerability

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

Ссылки

Пакеты

Наименование

phpems/phpems

composer

Затронутые версииВерсия исправления

>= 6.0.0, <= 6.1.3

Отсутствует

EPSS

Процентиль: 85%

0.02358

Низкий

6.3 Medium

CVSS3

CVE ID

CVE-2023-6654

Дефекты

CWE-502

Связанные уязвимости

CVE-2023-6654

CVSS3: 6.3

nvd

около 2 лет назад

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

EPSS

Процентиль: 85%

0.02358

Низкий

6.3 Medium

CVSS3

CVE ID

CVE-2023-6654

Дефекты

CWE-502