A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application.
References
Link | Resource |
---|---|
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5720.php | Exploit Third Party Advisory |
Configurations
History
08 Mar 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 |
13 Jan 2023, 14:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:spitfire_project:spitfire:1.0475:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Spitfire Project spitfire
Spitfire Project |
|
References | (MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5720.php - Exploit, Third Party Advisory | |
CWE | CWE-74 |
10 Jan 2023, 17:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-10 17:15
Updated : 2024-03-08 13:15
NVD link : CVE-2022-47083
Mitre link : CVE-2022-47083
CVE.ORG link : CVE-2022-47083
JSON object : View
Products Affected
spitfire_project
- spitfire
CWE
CWE-502
Deserialization of Untrusted Data