GHSA-5rv2-vvmf-f7w8

Suggest an improvement
Source
https://github.com/advisories/GHSA-5rv2-vvmf-f7w8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-5rv2-vvmf-f7w8/GHSA-5rv2-vvmf-f7w8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5rv2-vvmf-f7w8
Aliases
  • CVE-2023-6654
Published
2023-12-10T15:30:31Z
Modified
2024-02-16T08:10:09.725583Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
PHPEMS Deserialization of Untrusted Data vulnerability
Details

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

References

Affected packages

Packagist / phpems/phpems

Package

Name
phpems/phpems
Purl
pkg:composer/phpems/phpems

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Last affected
6.1.3

Affected versions

v6.*

v6.0.0
v6.0.1
v6.0.2
v6.0.2.1
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.0.10
v6.1.0
v6.1.1
v6.1.2
v6.1.3