High severityNVD Advisory· Published Oct 12, 2022· Updated Apr 23, 2025
Deserialization of untrusted data in MelisCms
CVE-2022-39297
Description
MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-cms >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
melisplatform/melis-cmsPackagist | < 5.0.1 | 5.0.1 |
Affected products
2- Range: <= 5.0.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.