Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01cnYyLXZ2bWYtZjd3OM4AA3qC

PHPEMS Deserialization of Untrusted Data vulnerability

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. It affects an unknown functionality in the library lib/session.cls.php of the Session Data Handler component. Manipulation leads to deserialization of untrusted data. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The identifier VDB-247357 was assigned to this vulnerability.

Permalink: https://github.com/advisories/GHSA-5rv2-vvmf-f7w8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cnYyLXZ2bWYtZjd3OM4AA3qC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 4 months ago


CVSS Score: 6.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Identifiers: GHSA-5rv2-vvmf-f7w8, CVE-2023-6654
References: Repository: https://github.com/oiuv/phpems
Blast Radius: 1.0

Affected Packages

packagist:phpems/phpems
Dependent packages: 0
Dependent repositories: 0
Downloads: 700 total
Affected Version Ranges: >= 6.0.0, <= 6.1.3
No known fixed version
All affected versions: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.1.0, 6.1.1, 6.1.2, 6.1.3