CVE-2024-1353 | PHPEMS up to 1.0 index.api.php index picurl deserialization

Posted by Angelo Barbosa | Feb 8, 2024 | CVE

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization.

This vulnerability is handled as CVE-2024-1353. The attack can only be done within the local network. Furthermore, there is an exploit available.

CVE-2024-1353 | PHPEMS up to 1.0 index.api.php index picurl deserialization

Related Posts

CVE-2024-38314 | IBM Maximo Application Suite 8.10/8.11/9.0 Monitor hard-coded key

CVE-2024-41173 | Beckhoff IPC Diagnostics Package/TwinCAT BSD authentication bypass (VDE-2024-045)

CVE-2023-42899 | Apple watchOS Image memory corruption

CVE-2024-4549 | Delta Electronics DIAEnergie up to 1.10.1.8610 ICS Restart CEBC.exe denial of service