Home / os / win2k

Spitfire CMS 1.0.475 PHP Object Injection

Posted on 10 December 2022

Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.

 

TOP