CRITICAL
Intelliants
CVE published 2017-01-20
CVE-2017-5543
CVE-2017-5543 affects Subrion CMS 4.0.5. The public description says includes/classes/ia.core.users.php can allow remote attackers to conduct PHP Object Injection via crafted serialized data in a salt cookie sent with a login request. NVD rates the issue Critical with CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning a network-reachable attack with no privileges or user interaction and high imp [truncated]