CVE-2024-13136

MEDIUM

wangl1989 mysiteforme 1.0 - Deserialization

Title source: llm

Description

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Exploit, Issue Tracking] https://github.com/wangl1989/mysiteforme/issues/52

[Exploit, Issue Tracking] https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.290210

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.290210

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.468391

Scores

CVSS v3 6.3

EPSS 0.0009

EPSS Percentile 26.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status published

Affected Products (1)

wangl1989/mysiteforme

Timeline

Published Jan 05, 2025

Tracked Since Feb 18, 2026