PT-2022-24880 · Melisplatform · Melisplatform/Melis-Front

Published

2022-10-11

·

Updated

2022-10-13

·

CVE-2022-39298

CVSS v3.1

7.7

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

melisplatform/melis-front versions prior to 5.0.1

Description

The issue affects MelisFront, the engine that renders websites hosted on Melis Platform: it serves pages and plugins and handles URL rewriting and SEO. Affected versions deserialize attacker-controlled data (PHP unserialize()) without restricting which classes may be instantiated, so an unauthenticated attacker can create objects of arbitrary classes and trigger their magic methods, leading to execution of arbitrary PHP code on the server. The fix restricts the classes that may be instantiated when user-controlled data is deserialized.

Recommendations

For melisplatform/melis-front versions prior to 5.0.1, upgrade to melisplatform/melis-front >= 5.0.1. If upgrading is not immediately possible, do not pass user-controlled data to unserialize(); where deserialization cannot be avoided, call it with the allowed_classes option (false, or an explicit allow-list of harmless classes) so that no attacker-chosen class is instantiated, or move the data to a format such as JSON that cannot describe objects. The CVSS vector rates attack complexity as high, but the impact is unauthenticated remote code execution, so treat the upgrade as urgent.
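The following PHP script is an added illustration of the bug class described above and of the mitigation the advisory names (restricting allowed classes). It is not MelisFront code: the TemplateCache class, its properties, the loadState* functions and the attacker payload are all made up for the demo, and it assumes PHP 8.0 or newer.

```php
<?php
declare(strict_types=1);

// Added illustration of the bug class behind CVE-2022-39298: attacker-controlled
// bytes reaching unserialize() with no allowed_classes restriction.
// NOT MelisFront code: TemplateCache, its properties and the load* functions
// are hypothetical names chosen for this demo.

// Stand-in for a "gadget" class: any class on the autoload path whose magic
// methods do something useful to an attacker (write a file, call a stored
// callback, ...). Here the side effect is only an echo.
final class TemplateCache
{
    public string $path = '/tmp/cache';
    public string $callback = 'trim';

    public function __wakeup(): void
    {
        // Runs as soon as unserialize() rebuilds the object, before the caller
        // can inspect the result. A real gadget might do
        // call_user_func($this->callback, $this->path) here.
        echo "__wakeup() fired: " . static::class
           . " callback={$this->callback} path={$this->path}\n";
    }
}

// Vulnerable pattern: the attacker chooses the classes and property values.
function loadStateVulnerable(string $untrusted): mixed
{
    return unserialize($untrusted);
}

// Hardened pattern (the approach the advisory describes): restrict which
// classes may be instantiated. With allowed_classes => false no object is ever
// built; disallowed objects become __PHP_Incomplete_Class stubs and their
// __wakeup()/__destruct() never run. Any such stub then causes rejection, so
// only scalars and arrays (or explicitly allowed classes) get through.
function loadStateHardened(string $untrusted, array $allowedClasses = []): mixed
{
    $data = unserialize($untrusted, [
        'allowed_classes' => $allowedClasses === [] ? false : $allowedClasses,
        'max_depth'       => 16,   // PHP 7.4+: also bounds nesting depth
    ]);
    if ($data === false && $untrusted !== serialize(false)) {
        throw new InvalidArgumentException('malformed serialized data');
    }
    if (containsIncompleteClass($data)) {
        throw new InvalidArgumentException('disallowed class in serialized data');
    }
    return $data;
}

// Recursive check for __PHP_Incomplete_Class stubs anywhere in the value.
function containsIncompleteClass(mixed $value): bool
{
    if ($value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value) || is_object($value)) {
        foreach ((array) $value as $v) {
            if (containsIncompleteClass($v)) {
                return true;
            }
        }
    }
    return false;
}

// Constructed attacker payload (hand-written, as an attacker would write it):
// an object of a class the application never meant to deserialize here.
$payload = 'O:13:"TemplateCache":2:{s:4:"path";s:13:"/tmp/evil.php";'
         . 's:8:"callback";s:6:"system";}';

echo "vulnerable:\n";
loadStateVulnerable($payload);            // __wakeup() fires with attacker values

echo "hardened:\n";
try {
    loadStateHardened($payload);           // no __wakeup(); rejected instead
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// Legitimate object-free data still round-trips through the hardened path.
var_dump(loadStateHardened(serialize(['page' => 'home', 'lang' => 'en'])));
```

Run it with `php demo.php`: the vulnerable call prints the __wakeup() line populated with the attacker's property values, while the hardened call prints a rejection and never instantiates TemplateCache. The allow-list should name only classes with no side-effecting magic methods; if the data never needs objects at all, json_decode() removes the class-instantiation surface entirely.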

Weakness Enumeration

Deserialization of Untrusted Data (CWE-502)

Related Identifiers

CVE-2022-39298
GHSA-H479-2MV4-5C26

Affected Products

Melisplatform/Melis-Front