CVE-2020-5664
Deserialization of untrusted data in XooNIps (XOOPS 用モジュール XooNIps における信頼できないデータのデシリアライズ)
XooNIps 3.49 and earlier uses unserialization for untrusted data, which could possibly lead to Remote Code Execution when the vulnerable module is installed with the XOOPS module.
Disclosure Date
2020/11/05
Credit
stypr (@stereotype32)
Affected-Versions
XooNIps: v3.49 and earlier
CWE
- CWE-502
