Vulnerabilities > CVE-2024-13136 - Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wangl1989

CWE-502

critical

NVD

Published: 2025-01-05

Updated: 2025-01-10

Summary

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vulnerable Configurations

Part	Description	Count
Application	Wangl1989 Wangl1989 Mysiteforme 1.0	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://github.com/wangl1989/mysiteforme/issues/52
https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365
https://vuldb.com/?ctiid.290210
https://vuldb.com/?id.290210
https://vuldb.com/?submit.468391