A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://note.zhaoj.in/share/jw4Hp9cq7T69 | Permissions Required |
https://vuldb.com/?ctiid.247357 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.247357 | Permissions Required Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
14 Dec 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://note.zhaoj.in/share/jw4Hp9cq7T69 - Permissions Required | |
References | () https://vuldb.com/?id.247357 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?ctiid.247357 - Permissions Required, Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:phpems:phpems:6.0:*:*:*:*:*:*:* cpe:2.3:a:phpems:phpems:7.0:*:*:*:*:*:*:* |
10 Dec 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-10 15:15
Updated : 2024-05-17 02:33
NVD link : CVE-2023-6654
Mitre link : CVE-2023-6654
CVE.ORG link : CVE-2023-6654
JSON object : View
Products Affected
phpems
- phpems
CWE
CWE-502
Deserialization of Untrusted Data