CVE-2013-7034

LiveZilla < 5.1.2.1 - Remote Code Execution via Serialized PHP Object in Cookie

Description

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.

References (4)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64383
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89796

Scores

EPSS 0.0158
EPSS Percentile 72.6%

Details

CWE
CWE-94
Status published
Products (17)
livezilla/livezilla 3.1.8.3
livezilla/livezilla 3.2.0.2
livezilla/livezilla 4.0.1.0
livezilla/livezilla 4.0.1.1
livezilla/livezilla 4.0.1.2
livezilla/livezilla 4.1.0.3
livezilla/livezilla 4.1.0.4
livezilla/livezilla 4.2.0.4
livezilla/livezilla 4.2.0.5
livezilla/livezilla 5.0.1.0
... and 7 more
Published May 05, 2014
Tracked Since Feb 18, 2026