Vulnerabilities > CVE-2018-1000059 - Deserialization of Untrusted Data vulnerability in Validformbuilder Validform Builder 4.5.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

validformbuilder

CWE-502

NVD

Published: 2018-02-09

Updated: 2020-08-24

Summary

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system.

Vulnerable Configurations

Part	Description	Count
Application	Validformbuilder Validformbuilder Validform Builder 4.5.4	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://github.com/validformbuilder/validformbuilder/issues/126