RCE in Anchorcms Anchor_cms
CVE-2015-5687
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.025 (82.7th percentile) — read the EPSS interpretation.
Affected products
- Anchorcms Anchor_cms — versions 0.9.1, 0.9.2, 0.9.3
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (mailing-list, x_refsource_FULLDISC)