CVE-2024-13136

Medium CVSS: 5.3

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor

Wangl1989

Product

Mysiteforme

CWE

CWE-20

Yayın Tarihi

2025-01-05 09:15:06

Güncelleme

2025-01-10 21:01:43

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-20 Mysiteforme MEDIUM Wangl1989 2025

Referanslar

https://github.com/wangl1989/mysiteforme/issues/52 https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365 https://vuldb.com/?ctiid.290210 https://vuldb.com/?id.290210 https://vuldb.com/?submit.468391

Benzer Kayıtlar

Critical

CVE-2025-26136

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

Critical

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

Critical

CVE-2024-57764

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

High

CVE-2024-57765

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.

Critical

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table…

High

CVE-2024-57767

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.