Common Weakness Enumeration

CWE-502

Allowed

Deserialization of Untrusted Data

Abstraction: Base · Status: Draft

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

4801 vulnerabilities reference this CWE, most recent first.

CVE-2023-6654 (GCVE-0-2023-6654)

Vulnerability from cvelistv5 – Published: 2023-12-10 15:00 – Updated: 2024-08-28 15:18
VLAI
Title
PHPEMS Session Data session.cls.php deserialization
Summary
A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.247357 vdb-entrytechnical-description
https://vuldb.com/?ctiid.247357 signaturepermissions-required
https://note.zhaoj.in/share/jw4Hp9cq7T69 broken-linkexploit
Impacted products
Vendor Product Version
n/a PHPEMS Affected: 6.x
Affected: 7.x
Affected: 8.x
Affected: 9.0
phpems phpems Affected: 8.0
Affected: 9.0
    cpe:2.3:a:phpems:phpems:8.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
glzjin (VulDB User) glzjin (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.247357"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.247357"
          },
          {
            "tags": [
              "broken-link",
              "exploit",
              "x_transferred"
            ],
            "url": "https://note.zhaoj.in/share/jw4Hp9cq7T69"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:phpems:phpems:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "phpems",
            "vendor": "phpems",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              },
              {
                "status": "affected",
                "version": "9.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6654",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T15:16:17.964371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T15:18:27.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Session Data Handler"
          ],
          "product": "PHPEMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.x"
            },
            {
              "status": "affected",
              "version": "7.x"
            },
            {
              "status": "affected",
              "version": "8.x"
            },
            {
              "status": "affected",
              "version": "9.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "glzjin (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "glzjin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "In PHPEMS 6.x/7.x/8.x/9.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung in der Bibliothek lib/session.cls.php der Komponente Session Data Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T07:26:05.925Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.247357"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.247357"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://note.zhaoj.in/share/jw4Hp9cq7T69"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-09T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-12-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-01-11T16:41:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "PHPEMS Session Data session.cls.php deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-6654",
    "datePublished": "2023-12-10T15:00:05.030Z",
    "dateReserved": "2023-12-09T20:39:55.056Z",
    "dateUpdated": "2024-08-28T15:18:27.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6580 (GCVE-0-2023-6580)

Vulnerability from cvelistv5 – Published: 2023-12-07 21:31 – Updated: 2024-08-02 08:35
VLAI
Title
D-Link DIR-846 QoS POST deserialization
Summary
A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.247161 vdb-entrytechnical-description
https://vuldb.com/?ctiid.247161 signaturepermissions-required
https://github.com/c2dc/cve-reported/blob/main/CV… exploit
Impacted products
Vendor Product Version
D-Link DIR-846 Affected: FW100A53DBR
Create a notification for this product.
Credits
Françoa Taffarel francoa.taffarel (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:35:14.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.247161"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.247161"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "QoS POST Handler"
          ],
          "product": "DIR-846",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "FW100A53DBR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Fran\u00e7oa Taffarel"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "francoa.taffarel (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in D-Link DIR-846 FW100A53DBR gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /HNAP1/ der Komponente QoS POST Handler. Mit der Manipulation des Arguments smartqos_express_devices/smartqos_normal_devices mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-07T21:31:05.210Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.247161"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.247161"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-12T00:00:00.000Z",
          "value": "Exploit disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-07T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-12-07T16:17:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DIR-846 QoS POST deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-6580",
    "datePublished": "2023-12-07T21:31:05.210Z",
    "dateReserved": "2023-12-07T13:14:19.386Z",
    "dateUpdated": "2024-08-02T08:35:14.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5583 (GCVE-0-2023-5583)

Vulnerability from cvelistv5 – Published: 2023-10-30 13:48 – Updated: 2026-04-08 16:35
VLAI
Title
WP Simple Galleries <= 1.34 - Authenticated (Contributor+) PHP Object Injection
Summary
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
maca134 WP Simple Galleries Affected: 0 , ≤ 1.34 (semver)
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:31.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-simple-galleries/tags/1.34/wp-simple-gallery.php#L250"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5583",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:34:33.906895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T18:56:31.855Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP Simple Galleries",
          "vendor": "maca134",
          "versions": [
            {
              "lessThanOrEqual": "1.34",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the \u0027wpsimplegallery_gallery\u0027 post meta via \u0027wpsgallery\u0027 shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:35:20.142Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-simple-galleries/tags/1.34/wp-simple-gallery.php#L250"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-13T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-10-13T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-10-29T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP Simple Galleries \u003c= 1.34 - Authenticated (Contributor+) PHP Object Injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-5583",
    "datePublished": "2023-10-30T13:48:45.699Z",
    "dateReserved": "2023-10-13T22:35:07.689Z",
    "dateUpdated": "2026-04-08T16:35:20.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5391 (GCVE-0-2023-5391)

Vulnerability from cvelistv5 – Published: 2023-10-04 18:13 – Updated: 2025-02-27 20:46
VLAI
Summary
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
Schneider Electric EcoStruxure Power Monitoring Expert Affected: All versions – prior to application of Hotfix-145271
Create a notification for this product.
Schneider Electric EcoStruxure Power Operation (EPO) with Advanced Reports Affected: All versions – prior to application of Hotfix-145271
Create a notification for this product.
Schneider Electric EcoStruxure Power SCADA Operation with Advanced Reports Affected: All versions – prior to application of Hotfix-145271
Create a notification for this product.
Date Public
2023-10-10 17:55
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:43.582116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:46:31.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Power Monitoring Expert",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u2013 prior to application of Hotfix-145271"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Power Operation (EPO) with Advanced Reports",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u2013 prior to application of Hotfix-145271"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure Power SCADA Operation with Advanced Reports",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u2013 prior to application of Hotfix-145271"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T17:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T08:25:11.967Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-5391",
    "datePublished": "2023-10-04T18:13:00.746Z",
    "dateReserved": "2023-10-04T17:50:08.965Z",
    "dateUpdated": "2025-02-27T20:46:31.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5183 (GCVE-0-2023-5183)

Vulnerability from cvelistv5 – Published: 2023-09-26 21:29 – Updated: 2024-09-24 13:43
VLAI
Title
Authenticated RCE due to unsafe JSON deserialization
Summary
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.  
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
Illumio Core PCE Affected: 19.3.0 , ≤ 19.3.6 (release train)
Affected: 21.2.0 , ≤ 21.2.7 (release train)
Affected: 21.5.0 , ≤ 21.5.35 (release train)
Affected: 22.2.0 , ≤ 22.2.41 (release train)
Affected: 22.5.0 , ≤ 22.5.30 (release train)
Affected: 23.2.0 , ≤ 23.2.10 (release train)
Create a notification for this product.
illumio core_policy_compute_engine Affected: 19.3.0 , ≤ 19.3.6 (custom)
Affected: 21.2.0 , ≤ 21.2.7 (custom)
Affected: 21.5.0 , ≤ 21.5.35 (custom)
Affected: 22.2.0 , ≤ 22.2.41 (custom)
Affected: 22.5.0 , ≤ 22.5.30 (custom)
Affected: 23.2.0 , ≤ 23.2.10 (custom)
    cpe:2.3:a:illumio:core_policy_compute_engine:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-26 21:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:52:07.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:illumio:core_policy_compute_engine:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "core_policy_compute_engine",
            "vendor": "illumio",
            "versions": [
              {
                "lessThanOrEqual": "19.3.6",
                "status": "affected",
                "version": "19.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "21.2.7",
                "status": "affected",
                "version": "21.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "21.5.35",
                "status": "affected",
                "version": "21.5.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "22.2.41",
                "status": "affected",
                "version": "22.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "22.5.30",
                "status": "affected",
                "version": "22.5.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "23.2.10",
                "status": "affected",
                "version": "23.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5183",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:35:49.225388Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T13:43:17.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "PCE"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "Core PCE",
          "vendor": "Illumio",
          "versions": [
            {
              "lessThanOrEqual": "19.3.6",
              "status": "affected",
              "version": "19.3.0",
              "versionType": "release train"
            },
            {
              "lessThanOrEqual": "21.2.7",
              "status": "affected",
              "version": "21.2.0",
              "versionType": "release train"
            },
            {
              "lessThanOrEqual": "21.5.35",
              "status": "affected",
              "version": "21.5.0",
              "versionType": "release train"
            },
            {
              "lessThanOrEqual": "22.2.41",
              "status": "affected",
              "version": "22.2.0",
              "versionType": "release train"
            },
            {
              "lessThanOrEqual": "22.5.30",
              "status": "affected",
              "version": "22.5.0",
              "versionType": "release train"
            },
            {
              "lessThanOrEqual": "23.2.10",
              "status": "affected",
              "version": "23.2.0",
              "versionType": "release train"
            }
          ]
        }
      ],
      "datePublic": "2023-09-26T21:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUnsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE\u2019s operating system user. \u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE\u2019s operating system user. \u00a0\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-26T23:41:08.564Z",
        "orgId": "ea070963-4842-4451-bceb-906a17f8dc69",
        "shortName": "Illumio"
      },
      "references": [
        {
          "url": "https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpgrade to the latest release for a given major version. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "Upgrade to the latest release for a given major version. \n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authenticated RCE due to unsafe JSON deserialization",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ea070963-4842-4451-bceb-906a17f8dc69",
    "assignerShortName": "Illumio",
    "cveId": "CVE-2023-5183",
    "datePublished": "2023-09-26T21:29:36.575Z",
    "dateReserved": "2023-09-25T18:22:12.952Z",
    "dateUpdated": "2024-09-24T13:43:17.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5016 (GCVE-0-2023-5016)

Vulnerability from cvelistv5 – Published: 2023-09-17 02:00 – Updated: 2024-08-02 07:44
VLAI
Title
spider-flow API DataSourceController.java DriverManager.getConnection deserialization
Summary
A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability.
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.239857 vdb-entrytechnical-description
https://vuldb.com/?ctiid.239857 signaturepermissions-required
https://github.com/bayuncao/vul-cve broken-link
https://github.com/bayuncao/vul-cve/blob/main/spi… broken-linkexploit
Impacted products
Vendor Product Version
n/a spider-flow Affected: 0.1
Affected: 0.2
Affected: 0.3
Affected: 0.4
Affected: 0.5
Credits
bayuncao (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.239857"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.239857"
          },
          {
            "tags": [
              "broken-link",
              "x_transferred"
            ],
            "url": "https://github.com/bayuncao/vul-cve"
          },
          {
            "tags": [
              "broken-link",
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/bayuncao/vul-cve/blob/main/spider-flow%20fastjson%20jdbc%20deserialization"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "API"
          ],
          "product": "spider-flow",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.1"
            },
            {
              "status": "affected",
              "version": "0.2"
            },
            {
              "status": "affected",
              "version": "0.3"
            },
            {
              "status": "affected",
              "version": "0.4"
            },
            {
              "status": "affected",
              "version": "0.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "bayuncao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "In spider-flow bis 0.5.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist die Funktion DriverManager.getConnection der Datei src/main/java/org/spiderflow/controller/DataSourceController.java der Komponente API. Mit der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T08:02:34.960Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.239857"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.239857"
        },
        {
          "tags": [
            "broken-link"
          ],
          "url": "https://github.com/bayuncao/vul-cve"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/bayuncao/vul-cve/blob/main/spider-flow%20fastjson%20jdbc%20deserialization"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-16T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-09-16T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-09-16T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-10-12T14:07:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "spider-flow API DataSourceController.java DriverManager.getConnection deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-5016",
    "datePublished": "2023-09-17T02:00:06.688Z",
    "dateReserved": "2023-09-16T06:43:13.210Z",
    "dateUpdated": "2024-08-02T07:44:53.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4528 (GCVE-0-2023-4528)

Vulnerability from cvelistv5 – Published: 2023-09-07 17:39 – Updated: 2025-04-23 16:17
VLAI
Title
JSCAPE MFT Server Unsafe Deserialization on Management Port
Summary
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
Redwood Software JSCAPE MFT Server Affected: 0 , < 2023.1.9 (semver)
Create a notification for this product.
Date Public
2023-09-07 15:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-4528",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:08.244906Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:17:27.633Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "JSCAPE MFT Server",
          "vendor": "Redwood Software",
          "versions": [
            {
              "lessThan": "2023.1.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-09-07T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unsafe deserialization in JSCAPE MFT Server versions prior to\u0026nbsp;2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface\u003cbr\u003e"
            }
          ],
          "value": "Unsafe deserialization in JSCAPE MFT Server versions prior to\u00a02023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T17:39:42.355Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "url": "https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528"
        },
        {
          "url": "https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "JSCAPE MFT Server Unsafe Deserialization on Management Port",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2023-4528",
    "datePublished": "2023-09-07T17:39:42.355Z",
    "dateReserved": "2023-08-24T20:16:59.319Z",
    "dateUpdated": "2025-04-23T16:17:27.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4402 (GCVE-0-2023-4402)

Vulnerability from cvelistv5 – Published: 2023-10-20 06:35 – Updated: 2026-04-08 16:40
VLAI
Title
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
Summary
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Credits
Marco Wotschka
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4402",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:35:04.501670Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T19:11:12.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Essential Blocks Pro",
          "vendor": "wpdevteam",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
          "vendor": "wpdevteam",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marco Wotschka"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:40:54.661Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-17T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-08-18T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-09-13T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Essential Blocks \u003c= 4.2.0 - Unauthenticated PHP Object Injection via products"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-4402",
    "datePublished": "2023-10-20T06:35:10.640Z",
    "dateReserved": "2023-08-17T15:45:30.445Z",
    "dateUpdated": "2026-04-08T16:40:54.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4386 (GCVE-0-2023-4386)

Vulnerability from cvelistv5 – Published: 2023-10-20 07:29 – Updated: 2026-04-08 17:15
VLAI
Title
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
Summary
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Credits
Marco Wotschka
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:34:54.889423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T19:05:05.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Essential Blocks Pro",
          "vendor": "wpdevteam",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
          "vendor": "wpdevteam",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marco Wotschka"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:15:32.371Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-17T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-08-18T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-09-13T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Essential Blocks \u003c= 4.2.0 - Unauthenticated PHP Object Injection via queries"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-4386",
    "datePublished": "2023-10-20T07:29:27.908Z",
    "dateReserved": "2023-08-16T16:39:20.561Z",
    "dateUpdated": "2026-04-08T17:15:32.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3513 (GCVE-0-2023-3513)

Vulnerability from cvelistv5 – Published: 2023-07-14 04:49 – Updated: 2024-10-31 15:43
VLAI
Title
RazerCentralService Unsafe Deserialization Escalation of Privilege
Summary
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
URL Tags
https://starlabs.sg/advisories/23/23-3513/ third-party-advisory
Impacted products
Vendor Product Version
Razer Razer Central Affected: 0 , ≤ 7.11.0.558 (custom)
Create a notification for this product.
Credits
Phan Thanh Duy (@PTDuy) of STAR Labs SG Pte. Ltd. (@starlabs_sg)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://starlabs.sg/advisories/23/23-3513/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3513",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-31T15:43:23.950643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T15:43:30.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "RazerCentralSerivce"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Razer Central",
          "vendor": "Razer",
          "versions": [
            {
              "lessThanOrEqual": "7.11.0.558",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Phan Thanh Duy (@PTDuy) of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral \u0026lt;=7.11.0.558 on Windows allows a malicious actor with local access to\u0026nbsp;gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization."
            }
          ],
          "value": "Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral \u003c=7.11.0.558 on Windows allows a malicious actor with local access to\u00a0gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        },
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-14T04:49:59.445Z",
        "orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
        "shortName": "STAR_Labs"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://starlabs.sg/advisories/23/23-3513/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RazerCentralService Unsafe Deserialization Escalation of Privilege",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
    "assignerShortName": "STAR_Labs",
    "cveId": "CVE-2023-3513",
    "datePublished": "2023-07-14T04:49:59.445Z",
    "dateReserved": "2023-07-05T08:39:02.308Z",
    "dateUpdated": "2024-10-31T15:43:30.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.

Mitigation
Implementation

Explicitly define a final object() to prevent deserialization.

Mitigation
Architecture and Design Implementation
  • Make fields transient to protect them from deserialization.
  • An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Implementation

Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.

Mitigation
Architecture and Design Implementation

Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-586: Object Injection

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.