High severityNVD Advisory· Published Oct 12, 2022· Updated Apr 23, 2025
Deserialization of untrusted data in MelisFront
CVE-2022-39298
Description
MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-front >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
melisplatform/melis-frontPackagist | < 5.0.1 | 5.0.1 |
Affected products
2- Range: <= 5.0.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.