VYPR
Unrated severityNVD Advisory· Published Jan 24, 2014· Updated Jun 16, 2026

CVE-2013-5350

CVE-2013-5350

Description

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Tejimaya/Openpne2 versions
    cpe:2.3:a:tejimaya:openpne:3.6.13:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:tejimaya:openpne:3.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:tejimaya:openpne:3.8.9:*:*:*:*:*:*:*
  • OpenPNE/OpenPNEllm-create
    Range: >=3.6.13 <3.6.13.1, >=3.8.9 <3.8.9.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.