Описание
A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.
Ссылки
- Permissions Required
- Permissions RequiredThird Party AdvisoryVDB Entry
- Permissions RequiredThird Party AdvisoryVDB Entry
- Permissions Required
- Permissions RequiredThird Party AdvisoryVDB Entry
- Permissions RequiredThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:phpems:phpems:6.0:*:*:*:*:*:*:*
cpe:2.3:a:phpems:phpems:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02358
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 6.3
github
около 2 лет назад
PHPEMS Deserialization of Untrusted Data vulnerability
EPSS
Процентиль: 85%
0.02358
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502