CVE-2019-15521Deserialization of Untrusted Data in Fork CMS

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Fork-cms Fork CMSSpoon LibrarySpoon-library Spoon Library
Timeline
PublishedAug 26
Latest updateMay 24

Description

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Packagistspoon/library< 1.4.1
NVDfork-cms/fork_cms< 1.4.1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
Spoon Library as used in Fork CMS allows PHP object injection2022-05-24
OSV
Spoon Library as used in Fork CMS allows PHP object injection2022-05-24
CVE-2019-15521 — Deserialization of Untrusted Data | cvebase