CVE-2022-39297: Deserialization of Untrusted Data
(updated )
MelisCms provides a full CMS for Melis Platform, including templating system, drag’n’drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms
, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-cms
>= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.
References
Detect and mitigate CVE-2022-39297 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →