PluXml Media Management medias.php __destruct deserialization

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was informed early about this issue and announced that "[w]e fix this issue in the next version 5.8.23". A patch for it is ready.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

可信数据的反序列化

PluXml 代码问题漏洞

PluXml是PluXml开源的一个免费的开源内容管理系统，不需要数据库即可工作。 PluXml 5.8.22及之前版本存在代码问题漏洞，该漏洞源于对组件Media Management Module中文件core/admin/medias.php内参数File的错误操作，可能导致反序列化攻击。

N/A

N/A