CVE-2013-5350

Опубликовано: 24 янв. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.

Ссылки

http://jvn.jp/en/jp/JVN69986880/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009
http://secunia.com/advisories/54043
Vendor Advisory
http://secunia.com/secunia_research/2014-1/
Vendor Advisory
https://www.openpne.jp/archives/12293/
Vendor Advisory
http://jvn.jp/en/jp/JVN69986880/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000009
http://secunia.com/advisories/54043
Vendor Advisory
http://secunia.com/secunia_research/2014-1/
Vendor Advisory
https://www.openpne.jp/archives/12293/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tejimaya:openpne:3.6.13:*:*:*:*:*:*:*

cpe:2.3:a:tejimaya:openpne:3.8.9:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00675

Низкий

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-c26j-j6q7-r2mc

github

больше 3 лет назад