2022-08-08 20:16
CHT Security Red Team Discovered Vulnerability in Well-Known EDM System
Summary
Vulnerability List
[CVE-2022-35223] – Insecure Deserialization
Details
1. Insecure Deserialization
Description
A specific function accepts objects of any type for deserialization.
Impact
Attackers with no privileges can send malicious serialized objects to execute arbitrary commands.
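The mitigation for this class of flaw is to restrict which types the deserializer will rebuild. The following is an added example, not code from the advisory or the affected product; the advisory does not name the product's language or serialization format, so Python's `pickle` is used as an assumption, and `ALLOWED_TYPES`, `AllowlistUnpickler`, `safe_loads` and `is_rejected` are hypothetical names.

```python
import datetime
import fractions
import io
import pickle

# Assumption: the only non-primitive type this endpoint ever needs to rebuild.
ALLOWED_TYPES = {("datetime", "date"): datetime.date}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only the types listed in ALLOWED_TYPES."""

    def find_class(self, module, name):
        # Called for every class or callable the stream references by name.
        # pickle.loads() would import whatever is named here; we refuse
        # anything that is not explicitly expected.
        try:
            return ALLOWED_TYPES[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(
                f"type {module}.{name} is not allowed") from None


def safe_loads(data: bytes):
    """Deserialize data, rejecting any type outside the allowlist."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """Return True when safe_loads refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: one expected message, one with an extra type.
    expected = pickle.dumps({"campaign": "newsletter",
                             "send_on": datetime.date(2022, 8, 8)})
    unexpected = pickle.dumps({"rate": fractions.Fraction(1, 3)})
    print(safe_loads(expected))
    print(is_rejected(unexpected))
```

Plain containers, strings and numbers never reach `find_class`, so the allowlist only has to name the classes the application actually expects.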
Known Affected Software
- Versions before 2020
Credits
Xin-Yue, Song (CHT Security)