CVE-2016-9045

HIGH

ProcessMaker Enterprise Core <3.0.1.7 - Code Injection

Title source: llm

Description

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

References (1)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314

Scores

CVSS v3 8.8

EPSS 0.0061

EPSS Percentile 69.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

processmaker/processmaker

Timeline

Published Sep 17, 2018

Tracked Since Feb 18, 2026