CVE-2013-7034
LiveZilla < 5.1.2.1 - Remote Code Execution via Serialized PHP Object in Cookie
Title source: llmDescription
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
References (4)
Core 4
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html
Various Sources x_refsource_confirm
http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64383
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89796
Scores
EPSS
0.0158
EPSS Percentile
72.6%
Details
CWE
CWE-94
Status
published
Products (17)
livezilla/livezilla
3.1.8.3
livezilla/livezilla
3.2.0.2
livezilla/livezilla
4.0.1.0
livezilla/livezilla
4.0.1.1
livezilla/livezilla
4.0.1.2
livezilla/livezilla
4.1.0.3
livezilla/livezilla
4.1.0.4
livezilla/livezilla
4.2.0.4
livezilla/livezilla
4.2.0.5
livezilla/livezilla
5.0.1.0
... and 7 more
Published
May 05, 2014
Tracked Since
Feb 18, 2026