CVE-2017-5543

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.0.5

Description The issue allows remote attackers to conduct PHP Object Injection attacks. This is achieved by sending crafted serialized data in a salt cookie within a login request to the includes/classes/ia.core.users.php file.

Recommendations For Subrion CMS version 4.0.5, as a temporary workaround, consider restricting access to the includes/classes/ia.core.users.php file until a patch is available. Avoid using the salt cookie in the affected login request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.