NVD

Id
40666  
Name
CVE-2013-5350  
Description
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2014-01-24  
Modified Date
2014-01-24  
Seq
2013-5350  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
205914 40666 CVE-2013-5350 JVN#69986880  View
205915 40666 CVE-2013-5350 JVNDB-2014-000009  View
205916 40666 CVE-2013-5350 https://www.openpne.jp/archives/12293/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11993 JVNDB-2014-000009 OpenPNE において任意の PHP コードが実行される脆弱性 OpenPNE には、Cookie ヘッダの処理に問題があり、任意の PHP コードが実行される脆弱性が存在します。 CVE-2013-5350 65292 CVE-2013-5350 40666 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000009.html 2014-01-24 2014-01-28 View