Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. Conducting this attack does not require authentication. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, and ultimately leads to the execution of arbitrary PHP code on the system. MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Improper validation of integrity check vulnerability in Smart Switch PC prior to version 3 allows local attackers to delete arbitrary directory using directory junction. DLL hijacking vulnerability in Smart Switch PC prior to version 3_3 allows attacker to execute arbitrary code.
0 kommentar(er)
