Zikula : Security Vulnerabilities, CVEs, CVSS score >= 7
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
Max CVSS
9.8
EPSS Score
0.39%
Published
2016-12-05
Updated
2016-12-27
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
Max CVSS
9.8
EPSS Score
0.44%
Published
2018-03-26
Updated
2018-04-24
2 vulnerabilities found