includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| intelliants/subrion(Packagist) | 4.0.5 | 4.1.0 | N/A |
CVSS Metrics
