Disclosure Date 2020/11/05

CVE-2020-5664

Deserialization of untrusted data in XooNIps

XooNIpsの信頼できないデータのデシリアライズ

Credit

stypr (@stereotype32)

Affected-Versions

XooNIps 3.49 and earlier

CWE

CWE-502

Description

XooNIps 3.49 and earlier uses unserialization for untrusted data, which could possibly lead to Remote Code Execution when the vulnerable module is installed with the XOOPS module.

Back