Security Advisory

CVE-2013-5350

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-01-24 15:00:00

Last updated 2024-08-06 17:06:52

Assigner flexera

State PUBLISHED

Description

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.

← Browse all CVEs View on cve.org ↗