RCE in Anchorcms Anchor_cms

CVE-2015-5687

system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.025 (82.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References