CVE-2015-5687
Anchor CMS 0.9.x - Remote Code Execution via Cookie Deserialization
Title source: llmDescription
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://github.com/anchorcms/anchor-cms/pull/904
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Aug/76
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Aug/83
Scores
EPSS
0.0250
EPSS Percentile
82.7%
Details
CWE
CWE-94
Status
published
Products (3)
anchorcms/anchor_cms
0.9.1
anchorcms/anchor_cms
0.9.2
anchorcms/anchor_cms
0.9.3 (3 CPE variants)
Published
Oct 05, 2015
Tracked Since
Feb 18, 2026