ニュース

Security Boulevard6年

PHP Object Injection

A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers. The ...
Threat Post4年

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...
マイナビニュース2年

10月のWordPressプラグイン脆弱性まとめ、WordPressも含めて確認を

Sucuriは10月29日(米国時間)、「WordPress Vulnerability & Patch Roundup October 2022」において、2022年10月に明らかになったWordPressの脆弱性およびセキュリティパッチの情報について伝えた。SucuriはWebサイト所有者に対して新たな脅威を把握し、対処してもらえるよう1か月 ...
IEEE4月

PFortifier: Mitigating PHP Object Injection Through Automatic Patch Generation

Abstract: PHP Object Injection (POI) vulnerabilities enable unexpected execution of class methods in PHP applications, resulting in various attacks. In the meanwhile, designing effective patches for ...
Threat Post5年

Newsletter WordPress Plugin Opens Door to Site Takeover

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Newsletter, a WordPress plugin with more than 300,000 installations, has a pair ...
Searchenginejournal.com2年

WordPress Anti-Spam Plugin Vulnerability Affects Up To 60,000+ Sites

A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64 encoded user ...