CVE-2015-0935 : Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary

Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts.

Published 2015-05-25 19:59:01

Updated 2025-04-12 10:46:41

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2015-0935

Bomgar » Remote Support
Versions up to, including, (<=) 14.3.2
cpe:2.3:a:bomgar:remote_support:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

47.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

http://www.securityfocus.com/bid/74460

Bomgar Remote Support CVE-2015-0935 Arbitrary PHP Code Execution Vulnerability
https://www.exploit-db.com/exploits/39958/

Bomgar Remote Support - Code Execution (Metasploit)
http://www.kb.cert.org/vuls/id/978652

VU#978652 - Bomgar Remote Support Portal deserializes untrusted data
Patch;Third Party Advisory;US Government Resource

Jump to