Unrated severityNVD Advisory· Published Dec 31, 2019· Updated Aug 5, 2024

CVE-2019-14466

Description

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

GONICUS/GOsadescription
gosa-project/Gosallm-fuzzy
Range: = 2.7.5.2

Patches

Vulnerability mechanics

References

github.com/gosa-project/gosa-core/pull/29mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/08/msg00039.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000