A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application.

Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.