PT-2014-1987 · Php · Phpmemcachedadmin
Publicado
2014-11-12
·
Atualizado
2018-10-09
·
CVE-2014-8731
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PHPMemcachedAdmin versions 1.2.2 and earlier
Description
The issue exists due to errors in the mechanism for recovering serialized data in the PHPMemcachedAdmin web interface. Exploitation of this issue may allow a remote attacker to elevate their privileges to the level of an administrator and execute arbitrary PHP code.
Recommendations
For PHPMemcachedAdmin versions 1.2.2 and earlier, consider disabling the vulnerable functionality related to serialized data until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Phpmemcachedadmin