Unrated severityNVD Advisory· Published Jan 24, 2014· Updated Apr 29, 2026

CVE-2013-5350

Description

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.

Affected products

Tejimaya/Openpne2 versions
cpe:2.3:a:tejimaya:openpne:3.6.13:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:tejimaya:openpne:3.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:tejimaya:openpne:3.8.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/54043nvdVendor Advisory
secunia.com/secunia_research/2014-1/nvdVendor Advisory
www.openpne.jp/archives/12293/nvdVendor Advisory
jvn.jp/en/jp/JVN69986880/index.htmlnvd
jvndb.jvn.jp/jvndb/JVNDB-2014-000009nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000