CVE-2019-15521 - Deserialization of Untrusted Data vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
References
- https://github.com/forkcms/library/pull/69
- https://github.com/forkcms/library/releases/tag/1.4.1
- https://github.com/spoon/library/blob/bda89be80b7e1ffdc93d3180d33a56927430298b/spoon/cookie/cookie.php#L117