CVE-2024-1353

Published: Feb 9, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability.

Affected (1)

Products: Phpems: Phpems

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpems Phpems	Up to 1.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

https://note.zhaoj.in/share/nxGzfEB6fFVY

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.253226

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.253226

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://note.zhaoj.in/share/nxGzfEB6fFVY

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://vuldb.com/?ctiid.253226

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.253226

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.