RSS   Vulnerabilities for 'Okaycms'   RSS

2019-12-03
 
CVE-2019-16885

CWE-74
 

 
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison.

 


Copyright 2024, cxsecurity.com

 

Back to Top