PHP Object Deserialization Injection attacks utilise the unserialize function within PHP. The deserialisation of the PHP object can trigger certain methods within the object, allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc.
Where the Issue Occurred
Displayed below is the code within the YesWiki project containing the vulnerable code:
The Issue
PHP Object Deserialization Injection attacks utilise the unserialize function within PHP. The deserialisation of the PHP object can trigger certain methods within the object, allowing the attacker to perform unauthorised actions like execution of code, disclosure of information, etc.
Where the Issue Occurred
Displayed below is the code within the YesWiki project containing the vulnerable code:
yeswiki/includes/i18n.inc.php
Line 149 in 0f8a495
The text was updated successfully, but these errors were encountered: