Описание
Subrion CMS PHP Object Injection
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-12469
- https://belong2yourself.github.io/vulnerabilities/docs/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection/readme
- https://github.com/belong2yourself/vulnerabilities/tree/master/Subrion%20CMS/Insecure%20Deserialization/Subpages%20-%20Authenticated%20PHP%20Object%20Injection
Пакеты
Наименование
intelliants/subrion
composer
Затронутые версииВерсия исправления
<= 4.2.1
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
почти 6 лет назад
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.