Description

It was determined that your web application is performing PHP object deserialization of user-supplied data. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data. Consult Web references section for more information about this issue.

Remediation

PHP object deserialization should not be performed on user-supplied data. Do not use the unserialize() function with user-supplied input, use JSON functions instead.

References

PHP Object Injection

Related Vulnerabilities

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor SQL Injection (3.3.2)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login SQL Injection (5.0.2.1)

WordPress Plugin All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs-My Sticky Elements SQL Injection (2.0.8)

WordPress Plugin Newsletter-Send awesome emails from WordPress SQL Injection (3.0.8)

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.9.9.2.8)

Severity

Medium

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Denial Of Service SQL Injection Code Execution Directory Traversal Insecure Deserialization