← Back

Okaycms

okaycms

Vendor: Okay Cms • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-16885
1Okay Cms
1Okaycms
Nov 21, 2024
Dec 3, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the...Show more
In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison.Show less