Cwe 502

🧬 CWE Liées 70
slug: cwe-502

Explication

CWE-502は「シリアライズされたデータ (オブジェクトをバイト列に変換したもの) を信頼せずに復元 (デシリアライズ) してしまう」欠陥です。 Java・Python・PHP・.NETなどで、攻撃者が細工したオブジェクトを送ると任意コード実行されてしまうため、Webサーバー乗っ取りの典型ルートです。
📌 Exemple
CVE-2017-9805 (Apache Struts2 REST Plugin): XMLデシリアライズによるRCEで、Equifax事件 (1.4億人個人情報流出) の直接原因となった。

🔖 Étiquettes liées

🛡 Vulnérabilités associées 492

ID Titre
CVE-2026-40735 Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
CVE-2026-40754 Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
CVE-2026-40739 Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
CVE-2026-40758 Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
CVE-2026-40736 Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
CVE-2026-40755 Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
CVE-2026-40760 Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
CVE-2026-40761 Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
CVE-2026-40725 Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CVE-2026-42380 Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
CVE-2026-39539 Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
CVE-2026-39545 Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
CVE-2026-39567 Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
CVE-2026-39578 Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
CVE-2026-39573 Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
CVE-2026-39554 Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
CVE-2026-39529 Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
CVE-2026-39557 Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
CVE-2026-39580 Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
CVE-2026-39577 Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
CVE-2026-27429 Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
CVE-2026-27410 Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-39443 Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
CVE-2026-39446 Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
CVE-2026-11857 Désérialisation non sécurisée dans csharp (CVE-2026-11857)
CVE-2026-12115 Désérialisation non sécurisée dans wordpress (CVE-2026-12115)
CVE-2026-12256 Contributor PHP Object Injection in Avada <= 3.15.3 versions.
CVE-2025-69108 Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
CVE-2025-69122 Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
CVE-2025-60205 Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →