CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-15521

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile44.71th
Published2019年8月26日
Last Modified2024年11月21日

Vulnerability Description

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

Affected Platforms (CPE)

📦
Spoon Library

Spoon Library

<= 2014-02-06
📦
Fork Cms

Fork Cms

< 1.4.1

References & Advisories

🔗 https://github.com/forkcms/library/pull/69
🔗 https://github.com/forkcms/library/releases/tag/1.4.1
🔗 https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117
🔗 https://github.com/forkcms/library/pull/69
🔗 https://github.com/forkcms/library/releases/tag/1.4.1
🔗 https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117

相關漏洞威脅

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-1981010.0

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote un...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...