exploitDog

GHSA-rrv5-7vmv-whmj

Опубликовано: 04 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 9.5

CVSS3: 9.8

Описание

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system.

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system.

Ссылки

EPSS

Процентиль: 83%

0.01856

Низкий

9.5 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2025-2244

CVSS3: 9.8

nvd

10 месяцев назад

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system.

EPSS

Процентиль: 83%

0.01856

Низкий

9.5 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502