Moderate severity · NVD Advisory · Published Dec 10, 2023 · Updated Aug 28, 2024
PHPEMS Session Data session.cls.php deserialization
CVE-2023-6654
Description
A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpems/phpems (Packagist) | >= 6.0.0, <= 6.1.3 | — |
References
- note.zhaoj.in/share/jw4Hp9cq7T69 (ghsa, broken-link, exploit, WEB)
- github.com/advisories/GHSA-5rv2-vvmf-f7w8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-6654 (ghsa, ADVISORY)
- github.com/oiuv/phpems/blob/a4a049362a0250c4b1762464b34d90ed881fef19/lib/session.cls.php (ghsa, WEB)
- vuldb.com (ghsa, signature, permissions-required, WEB)
- vuldb.com (ghsa, vdb-entry, technical-description, WEB)