CVE-2013-5350

Name of the Vulnerable Software and Affected Versions OpenPNE versions 3.6.13 through 3.6.13 OpenPNE versions 3.8.9 through 3.8.9

Description The issue concerns the "Remember me" feature, which does not properly validate login data in HTTP Cookie headers. This allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.

Recommendations For OpenPNE versions 3.6.13 through 3.6.13, update to version 3.6.13.1 to resolve the issue. For OpenPNE versions 3.8.9 through 3.8.9, update to version 3.8.9.1 to resolve the issue.