PT-2018-9246 · Validformbuilder · Validformbuilder

Prodigysml

Published

2018-02-09

Updated

2020-08-24

CVE-2018-1000059

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ValidFormBuilder version 4.5.4

Description: The issue concerns a PHP Object Injection vulnerability in the Valid Form unserialize method. This can lead to the execution of unauthorized system commands remotely and the disclosure of file contents in the file system.

Recommendations: For ValidFormBuilder version 4.5.4, update to a version that fixes the PHP Object Injection vulnerability in the Valid Form unserialize method to prevent remote execution of unauthorized system commands and file disclosure.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-1000059

Affected Products

Validformbuilder

PT-2018-9246 · Validformbuilder · Validformbuilder

CVE-2018-1000059

Weakness Enumeration

Related Identifiers

Affected Products

References · 3