CVE-2019-14466
on github
Published
Severity
CVSS v3:
6.5 MEDIUM
CVSS v2:
5.5 MEDIUM
Description
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:gosa_project:gosa:2.7.5.2:*:*:*:*:*:*:* | n/a | n/a | 2.7.5.2 |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | n/a | n/a | 8.0 |