Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pachno 1.0.6 FileCache Deserialization Remote Code Execution
Vulnerability Description
Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which are unserialized during framework bootstrap before authentication checks occur.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Pachno 代码问题漏洞
Vulnerability Description
Pachno是Pachno开源的一个用于协作的开源平台。 Pachno 1.0.6版本存在代码问题漏洞,该漏洞源于反序列化不安全,可能导致未经验证的攻击者执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A