exploitDog

CVE-2019-15521

Опубликовано: 26 авг. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

Ссылки

https://github.com/forkcms/library/pull/69
Patch
Third Party Advisory
https://github.com/forkcms/library/releases/tag/1.4.1
Release Notes
Third Party Advisory
https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117
Patch
Third Party Advisory
https://github.com/forkcms/library/pull/69
Patch
Third Party Advisory
https://github.com/forkcms/library/releases/tag/1.4.1
Release Notes
Third Party Advisory
https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spoon-library:spoon_library:*:*:*:*:*:*:*:*

Версия до 2014-02-06 (включая)

Конфигурация 2

cpe:2.3:a:fork-cms:fork_cms:*:*:*:*:*:*:*:*

Версия до 1.4.1 (исключая)

EPSS

Процентиль: 71%

0.00678

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-2p2x-mw56-jc98

CVSS3: 9.8

github

больше 3 лет назад

Spoon Library as used in Fork CMS allows PHP object injection

EPSS

Процентиль: 71%

0.00678

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502