CVE-2023-6654

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.
References
Link Resource
https://note.zhaoj.in/share/jw4Hp9cq7T69 Permissions Required
https://vuldb.com/?ctiid.247357 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.247357 Permissions Required Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:phpems:phpems:6.0:*:*:*:*:*:*:*
cpe:2.3:a:phpems:phpems:7.0:*:*:*:*:*:*:*

History

14 Dec 2023, 17:17

Type Values Removed Values Added
References () https://note.zhaoj.in/share/jw4Hp9cq7T69 - () https://note.zhaoj.in/share/jw4Hp9cq7T69 - Permissions Required
References () https://vuldb.com/?id.247357 - () https://vuldb.com/?id.247357 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?ctiid.247357 - () https://vuldb.com/?ctiid.247357 - Permissions Required, Third Party Advisory, VDB Entry
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:phpems:phpems:6.0:*:*:*:*:*:*:*
cpe:2.3:a:phpems:phpems:7.0:*:*:*:*:*:*:*

10 Dec 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-10 15:15

Updated : 2024-05-17 02:33


NVD link : CVE-2023-6654

Mitre link : CVE-2023-6654

CVE.ORG link : CVE-2023-6654


JSON object : View

Products Affected

phpems

  • phpems
CWE
CWE-502

Deserialization of Untrusted Data