CVE-2024-13136

MEDIUM

wangl1989 mysiteforme 1.0 - Deserialization

Title source: llm
STIX 2.1

Description

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.290210
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.290210
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.468391
Exploit, Issue Tracking issue-tracking
https://github.com/wangl1989/mysiteforme/issues/52
Exploit, Issue Tracking exploit issue-tracking
https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365

Scores

CVSS v3 6.3
EPSS 0.0058
EPSS Percentile 43.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-20 CWE-502
Status published
Products (1)
wangl1989/mysiteforme 1.0
Published Jan 05, 2025
Tracked Since Feb 18, 2026