The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-31T17:29:05
Updated: 2024-08-05T00:19:41.163Z
Reserved: 2019-07-31T00:00:00
Link: CVE-2019-14466
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-12-31T18:15:11.233
Modified: 2020-01-10T19:28:23.847
Link: CVE-2019-14466
Redhat
No data.