CyberSec.Space Logo
Back to CVE Browser

CVE-2019-15521

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile44.71th
PublishedAug 26, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

Affected Platforms (CPE)

📦
Spoon Library

Spoon Library

<= 2014-02-06
📦
Fork Cms

Fork Cms

< 1.4.1

References & Advisories

🔗 https://github.com/forkcms/library/pull/69
🔗 https://github.com/forkcms/library/releases/tag/1.4.1
🔗 https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117
🔗 https://github.com/forkcms/library/pull/69
🔗 https://github.com/forkcms/library/releases/tag/1.4.1
🔗 https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117

Related Vulnerabilities

CVE-2019-1506610.0

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitra...

CVE-2019-877910.0

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions...

CVE-2019-568410.0

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader ...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...