GitHub Advisory Database: GHSA-74MF-VJPG-9XH7
History: May 17, 2022 - 3:34 a.m.

Slim vulnerable to PHP object injection

2022-05-17 03:34:17
CWE-94
GitHub Advisory Database
github.com
8
php object injection
middleware
remote attackers
arbitrary php code
session data

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 8
Confidence: Low

EPSS: 0.006
Percentile: 78.7%

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.

Affected configurations

Vulners
Node: slim slim, Range <2.6.0
Vendor: slim
Product: slim
Version: *
CPE: cpe:2.3:a:slim:slim:*:*:*:*:*:*:*:*
