CVE-2019-5434P1CRITICALCVSS 9.8ExploitedPoCfixed in 4.2.0·vFixed version v4.2.02019-05-06
CVE-2019-5434 [CRITICAL] CWE-502 CVE-2019-5434: An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger t
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although u
nvd