PHP Object Injection in ForkCMS Ajax Endpoint (<= v5.8.3): Remote Code Execution

PHP Object Injection in ForkCMS Ajax Endpoint (<= v5.8.3): Remote Code Execution

CVE-2020-24036 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.

Learn more about our Cms Pen Testing.