Description
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
Vulnerable configurations
Configuration 1: version up to 2.2.6 (inclusive)
One of
cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*
cpe:2.3:a:kohanaframework:kohana:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:kohanaframework:kohana:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:kohanaframework:kohana:3.3.1:*:*:*:*:*:*:*
EPSS
Percentile: 97%
0.44845
Medium
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-310
Related vulnerabilities
CVSS3: 9.8
debian
more than 8 years ago
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through ...
CVSS3: 9.8
github
more than 3 years ago
CodeIgniter and Kohana vulnerable to PHP Object Injection