Disclosure Date 2020/11/05
CVE-2020-5664
Deserialization of untrusted data in XooNIps
XOOPS 用モジュール XooNIps における信頼できないデータのデシリアライズ
Credit
stypr (@stereotype32)
Affected-Versions
XooNIps: v3.49 and earlier
CWE
- CWE-502
Description
XooNIps 3.49 and earlier uses unserialization for untrusted data, which could possibly lead to Remote Code Execution when the vulnerable module is installed with the XOOPS module.
