CVE-2023-6654: Deserialization of Untrusted Data

December 10, 2023 (updated February 13, 2024)

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

References

note.zhaoj.in/share/jw4Hp9cq7T69
nvd.nist.gov/vuln/detail/CVE-2023-6654
vuldb.com/?ctiid.247357
vuldb.com/?id.247357

Code Behaviors & Features

Detect and mitigate CVE-2023-6654 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →