Przykłady dla CWE-502: Deserialization of Untrusted Data - CXSecurity.com

	Tytuł	Data	Autor
Med.	OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue	11.04.2024	Martin Heiland
Med.	Artica Proxy 4.50 Unauthenticated PHP Deserialization	09.03.2024	Jaggar Henry
Med.	WordPress BeTheme 26.5.1.4 PHP Object Injection	22.11.2022	Julien Ahrens
High	TIBCO JasperReports Server 8.0.2 Community Edition Code Execution	13.09.2022	Moritz Bechler
Low	SAP Wily Introscope Enterprise OS Command Injection	19.06.2021	Yvan Genuer
High	Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization	20.05.2020	Moritz Bechler
Med.	ManageEngine Desktop Central FileStorage getChartImage Deserialization / Unauthenticated Remote Code Execution	08.03.2020	Mr_me
Med.	Revive Adserver Deserialization / Open Redirect	02.05.2019	Matteo Beccati
High	OpenMRS Platform Insecure Object Deserialization	05.02.2019	Bishop Fox
Med.	Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation	01.02.2017	Matteo Beccati
High	Solarwinds Virtualization Manager 6.3.1 Java Deserialization	17.06.2016	Nate Kettlewell

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-10-20

	CVE-2024-49625	Updating...	Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.
	CVE-2024-49624	Updating...	Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1.

2024-10-18

Waiting for details

CVE-2024-10079

Updating...

The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

2024-10-17

Waiting for details

CVE-2024-49318

Updating...

Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0.

2024-10-16

	CVE-2024-49218	Updating...	Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.
	CVE-2024-9634	Updating...	The GiveWP �?? Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.
	CVE-2024-49227	Updating...	Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4.
	CVE-2024-49226	Updating...	Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0.
	CVE-2024-48030	Updating...	Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2.
	CVE-2024-48028	Updating...	Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection.This issue affects IP Loc8: from n/a through 1.1.

Copyright 2024, cxsecurity.com