Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system. The vulnerability is caused due to the "opSecurityUser::getRememberLoginCookie()" method defined in the /lib/user/opSecurityUser.class.php script using the "unserialize()" function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a "Cookie" header. Versions 3.6.13 and 3.8.9 are affected.
862f28c500db8c6dd1aadc552ac50b3312005f2ee4381d1d21469bd13a2f955d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed