PT-2019-14243 · Fork+1 · Fork Cms+1

Stijn Vrolijk

Published

2019-08-26

Updated

2022-05-24

CVE-2019-15521

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Spoon Library versions through 2014-02-06 Fork CMS versions prior to 1.4.1

Description The issue allows PHP object injection via a cookie containing an object. This can be exploited by manipulating the cookie to inject malicious PHP objects.

Recommendations For Spoon Library versions through 2014-02-06, update to a version released after 2014-02-06 to resolve the issue. For Fork CMS versions prior to 1.4.1, update to version 1.4.1 or later to fix the problem. As a temporary workaround, consider restricting access to cookies or validating user-input data to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2019-15521

GHSA-2P2X-MW56-JC98

Affected Products

Fork Cms

Spoon Library

PT-2019-14243 · Fork+1 · Fork Cms+1

CVE-2019-15521

Weakness Enumeration

Related Identifiers

Affected Products

References · 7