CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Okay-Cms: >> Okaycms >> 2.3.4 Security Vulnerabilities

CVE-2019-16885

In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison.

CVSS Score

9.8

EPSS Score

0.169

Published

2019-12-03

Page 1

Vulnerabilities

Vulnerable Software

Okay-Cms: >> Okaycms >> 2.3.4 Security Vulnerabilities

Products

Pricing

Contact Us