Описание
Slim vulnerable to PHP object injection
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-2171
- https://github.com/slimphp/Slim/issues/1034
- https://github.com/slimphp/Slim/commit/9fa651474eb4d3bb0ce40dd5a55c51bb861c2658
- https://github.com/FriendsOfPHP/security-advisories/blob/master/slim/slim/CVE-2015-2171.yaml
- https://web.archive.org/web/20200229032229/http://www.securityfocus.com/bid/70087
- http://seclists.org/fulldisclosure/2015/Mar/16
- http://www.slimframework.com/2015/03/01/version-260.html
Пакеты
Наименование
slim/slim
composer
Затронутые версииВерсия исправления
< 2.6.0
2.6.0
Связанные уязвимости
nvd
почти 11 лет назад
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.