CVE-2024-13136
Published: 05 January 2025
Description
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2024-13136 is a critical vulnerability in wangl1989 mysiteforme version 1.0, affecting the rememberMeManager function in the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The flaw stems from improper input validation (CWE-20) enabling deserialization (CWE-502), which can be manipulated remotely.
An attacker with low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation results in low impacts to confidentiality, integrity, and availability, as reflected in its CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The exploit has been publicly disclosed and may be used.
Advisories reference GitHub issues at https://github.com/wangl1989/mysiteforme/issues/52 and https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365, along with VulDB entries including https://vuldb.com/?ctiid.290210, https://vuldb.com/?id.290210, and https://vuldb.com/?submit.468391, where further details on the issue are documented.
Details
- CWE(s)