CWE-502

CVE-2019-16774

February 26, 2023 by

In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.

In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.

CVE-2019-16335

February 26, 2023 by

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

CVE-2019-16112

February 26, 2023 by

TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.

CVE-2019-15780

February 26, 2023 by

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.

CVE-2019-15521

February 26, 2023 by

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.