Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenPNE 输入验证漏洞
Vulnerability Description
OpenPNE是日本株式会社手岛屋公司的一款开源的SNS引擎,它可在PC和手机上实现SNS功能。 OpenPNE 3.6.13和3.8.9版本中的lib/user/opSecurityUser.class.php文件中的‘opSecurityUser::getRememberLoginCookie’函数中的Remember me功能中存在输入验证漏洞,该漏洞源于程序没有正确验证HTTP Cookie头文件中的登录数据。远程攻击者可借助特制的序列化对象利用该漏洞实施PHP对象注入攻击,进而执行任意PHP代码
CVSS Information
N/A
Vulnerability Type
N/A