VYPR
Critical severity9.8NVD Advisory· Published Nov 3, 2023· Updated Jun 17, 2026

CVE-2023-46817

CVE-2023-46817

Description

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Phpfox/Phpfoxcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <4.8.14

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.