CVE-2023-6654

Published: Dec 10, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

Affected (2)

Products: Phpems: Phpems

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Phpems Phpems	Version 6.0
Phpems Phpems	Version 7.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

https://note.zhaoj.in/share/jw4Hp9cq7T69

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?ctiid.247357

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.247357

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://note.zhaoj.in/share/jw4Hp9cq7T69

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?ctiid.247357

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.247357

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

Timeline

No history available yet.