CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5687 – Anchor CMS PHP Object Injection
https://notcve.org/view.php?id=CVE-2015-5687
27 Aug 2015 — system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. system/session/drivers/cookie.php en Anchor CMS 0.9.x permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de una cookie serializada manipulada. Anchor CMS suffers from a PHP object injection vulnerability. • http://seclists.org/fulldisclosure/2015/Aug/76 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2014-9182 – Anchor CMS 0.9.2 Header Injection
https://notcve.org/view.php?id=CVE-2014-9182
10 Nov 2014 — models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. models/comment.php en Anchor CMS 0.9.2 y anteriores permite a atacantes remotos inyectar cabeceras arbitrarias en mensajes de correo a través de una cabecera Host: manipulada. Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability. • https://packetstorm.news/files/id/129042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •