CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-15521

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile44.71th
Published2019年8月26日
Last Modified2024年11月21日

Vulnerability Description

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

Affected Platforms (CPE)

📦
Spoon Library

Spoon Library

<= 2014-02-06
📦
Fork Cms

Fork Cms

< 1.4.1

References & Advisories

🔗 https://github.com/forkcms/library/pull/69
🔗 https://github.com/forkcms/library/releases/tag/1.4.1
🔗 https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117
🔗 https://github.com/forkcms/library/pull/69
🔗 https://github.com/forkcms/library/releases/tag/1.4.1
🔗 https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117

関連する脆弱性情報

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-1215310.0

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access netw...