PT-2018-5061 · Processmaker · Processmaker Enterprise Core
Published
2018-09-17
·
Updated
2022-12-14
·
CVE-2016-9045
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ProcessMaker Enterprise Core version 3.0.1.7-community
Description
A code execution issue exists due to unsafe deserialization. This can be triggered by a specially crafted web request, potentially resulting in PHP code being executed. An attacker can exploit this by sending a crafted web parameter.
Recommendations
For ProcessMaker Enterprise Core version 3.0.1.7-community, consider restricting access to vulnerable web parameters until a patch is available. As a temporary workaround, disabling the deserialization of user-supplied input can help mitigate the risk of exploitation.
Exploit
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Processmaker Enterprise Core