A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| spitfire_project | spitfire | 1.0475 |