Back to search
CVE-2013-5350
Published: Jan 24, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.openpne.jp/archives/12293/
x_refsource_CONFIRM
JVN#69986880
third-party-advisory
x_refsource_JVN
54043
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/secunia_research/2014-1/
x_refsource_MISC
JVNDB-2014-000009
third-party-advisory
x_refsource_JVNDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now