Disclosure Date 2020/11/05

CVE-2020-5664

Deserialization of untrusted data in XooNIps

XOOPS 用モジュール XooNIps における信頼できないデータのデシリアライズ

Credit

stypr (@stereotype32)

Affected-Versions

XooNIps: v3.49 and earlier

CWE

  • CWE-502

Description

XooNIps 3.49 and earlier uses unserialization for untrusted data, which could possibly lead to Remote Code Execution when the vulnerable module is installed with the XOOPS module.

Back