← back
CVE-2014-8684

CVE-2014-8684

EPSS 71.5%
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/36264unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.htmlhttp://seclists.org/fulldisclosure/2014/May/54https://github.com/kohana/core/pull/492https://scott.arciszewski.me/research/full/php-framework-timing-attacks-object-injection